Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
gaYiWz75kv.msi

Overview

General Information

Sample name:gaYiWz75kv.msi
renamed because original name is a hash value
Original sample name:7e3e97a19d93606583c07808e3b352d65bf7f316e4f97d4808ca0c3e3efbade3.msi
Analysis ID:1552149
MD5:24551f611dd0042fb6f37c3556be9328
SHA1:6732520636b45264b3fe08cdddb90e22e99ac40f
SHA256:7e3e97a19d93606583c07808e3b352d65bf7f316e4f97d4808ca0c3e3efbade3
Tags:msisigneduser-JAMESWT_MHT
Infos:

Detection

AteraAgent
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected AteraAgent
AI detected suspicious sample
Creates files in the system32 config directory
Installs Task Scheduler Managed Wrapper
Queries disk data (e.g. SMART data)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores large binary data to the registry
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 4524 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\gaYiWz75kv.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 3288 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6772 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 9EC403ECF0C0C0E65714DE34CF3E0384 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 3660 cmdline: rundll32.exe "C:\Windows\Installer\MSI52D0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4150234 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 2716 cmdline: rundll32.exe "C:\Windows\Installer\MSI591B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4151609 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 4180 cmdline: rundll32.exe "C:\Windows\Installer\MSI6D01.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4157171 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 1476 cmdline: rundll32.exe "C:\Windows\Installer\MSI8958.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4163937 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)
      • svchost.exe (PID: 3660 cmdline: C:\Windows\System32\svchost.exe -k smphost MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • msiexec.exe (PID: 1020 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding DF45D645E6A346EE279CFE96252995FD E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • net.exe (PID: 6200 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 6480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 6104 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 1520 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AteraAgent.exe (PID: 2972 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="gratefullytatum@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MveCAIAZ" /AgentId="efdd2c58-d53a-48e0-bd64-b73430c78939" MD5: 477293F80461713D51A98A24023D45E8)
  • AteraAgent.exe (PID: 2820 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 7156 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 1480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 3224 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4a6f545b-aae0-4508-bfae-1a58ed989cb7" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MveCAIAZ MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 7132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 5696 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4742ab29-7a91-4005-8b85-9d822d2d207b" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000MveCAIAZ MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 5580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 5344 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000MveCAIAZ MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 2124 cmdline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cscript.exe (PID: 3712 cmdline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
    • AgentPackageSTRemote.exe (PID: 3056 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "81622bfe-fdc1-4fd4-b863-087ece04432b" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000MveCAIAZ MD5: 749C51599FBF82422791E0DF1C1E841C)
      • conhost.exe (PID: 2804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageMonitoring.exe (PID: 6768 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ MD5: 5E3252E0248B484E76FCDBF8B42A645D)
      • conhost.exe (PID: 3304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • AteraAgent.exe (PID: 3128 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 6192 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 2684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 3224 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000MveCAIAZ MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 3836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 4144 cmdline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cscript.exe (PID: 1576 cmdline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
    • AgentPackageMonitoring.exe (PID: 5044 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ MD5: 5E3252E0248B484E76FCDBF8B42A645D)
      • conhost.exe (PID: 5060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 2508 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6d3932b7-d595-4ec1-ba45-8ee0e9e068b8" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000MveCAIAZ MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 5476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5684 cmdline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cscript.exe (PID: 5888 cmdline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
    • AgentPackageMonitoring.exe (PID: 6396 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6dc6b569-88f8-4c0b-ba4d-f407efaa2a09" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000MveCAIAZ MD5: 5E3252E0248B484E76FCDBF8B42A645D)
      • conhost.exe (PID: 6628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageUpgradeAgent.exe (PID: 5480 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c293db25-a44a-4495-86a5-1d156f7b88b1" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000MveCAIAZ MD5: D11B2139D29E79D795054C3866898B7F)
      • conhost.exe (PID: 384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageTicketing.exe (PID: 6784 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "1a38e639-d8b2-4578-a9b2-1e798ca9efea" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000MveCAIAZ MD5: F531D3157E9FF57EEA92DB36C40E283E)
      • conhost.exe (PID: 6844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageProgramManagement.exe (PID: 2672 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "d3c5afbf-763e-48ba-a818-4ee2d8365577" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000MveCAIAZ MD5: A739B889642CA9CE4AD3A37A3C521604)
      • conhost.exe (PID: 5008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageInternalPoller.exe (PID: 7016 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "175cc305-cc6c-4927-a3b6-18d54ad920b0" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000MveCAIAZ MD5: 01807774F043028EC29982A62FA75941)
      • conhost.exe (PID: 1172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageSystemTools.exe (PID: 4428 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "276ad274-97c6-4ad6-a5ad-71fef5b6c1d9" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000MveCAIAZ MD5: C0F02EAA3EB28659D8F1BCBA8DE48479)
      • conhost.exe (PID: 3692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageOsUpdates.exe (PID: 4024 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "3caeb474-f589-4b7e-af90-d040b4bb9be8" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000MveCAIAZ MD5: 5F782D0CB0F717AE9DFD1B4DA1295F15)
      • conhost.exe (PID: 6192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • sppsvc.exe (PID: 6620 cmdline: C:\Windows\system32\sppsvc.exe MD5: 320823F03672CEB82CC3A169989ABD12)
  • AgentPackageUpgradeAgent.exe (PID: 7040 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun MD5: D11B2139D29E79D795054C3866898B7F)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_001_dotnet_hostfxr_6.0.35_win_x64.msi.logJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
    C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
      C:\Windows\Temp\~DFE28F20BF858487E1.TMPJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
          C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
            Click to see the 105 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000017.00000002.2956708927.0000022F5CAE0000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
              00000026.00000002.2549200371.00000215DC870000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
                00000017.00000002.2959874922.0000022F5D28A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
                  00000022.00000002.2456780674.0000016100086000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
                    00000017.00000002.3297945299.0000022F75D68000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
                      Click to see the 413 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      56.0.AgentPackageProgramManagement.exe.1fadc890000.0.unpackJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
                        63.2.AgentPackageOsUpdates.exe.1f198840000.1.unpackJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
                          54.0.AgentPackageTicketing.exe.1c1bba70000.0.unpackJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
                            52.0.AgentPackageUpgradeAgent.exe.24faac20000.0.unpackJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
                              58.0.AgentPackageInternalPoller.exe.2386e7b0000.0.unpackJoeSecurity_AteraAgentYara detected AteraAgentJoe Security
                                Click to see the 14 entries

                                Sigma Signatures

                                Sigma detected: Uncommon Svchost Parent Process
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\svchost.exe -k smphost, CommandLine: C:\Windows\System32\svchost.exe -k smphost, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 9EC403ECF0C0C0E65714DE34CF3E0384, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6772, ParentProcessName: msiexec.exe, ProcessCommandLine: C:\Windows\System32\svchost.exe -k smphost, ProcessId: 3660, ProcessName: svchost.exe
                                Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                                Source: Process startedAuthor: Michael Haag: Data: Command: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2124, ParentProcessName: cmd.exe, ProcessCommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ProcessId: 3712, ProcessName: cscript.exe
                                Sigma detected: Net.exe Execution
                                Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding DF45D645E6A346EE279CFE96252995FD E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 1020, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 6200, ProcessName: net.exe
                                Sigma detected: Stop Windows Service Via Net.EXE
                                Source: Process startedAuthor: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding DF45D645E6A346EE279CFE96252995FD E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 1020, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 6200, ProcessName: net.exe

                                Suricata Signatures

                                No Suricata rule has matched

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Multi AV Scanner detection for dropped file
                                Source: 3f5122.rbf (copy)ReversingLabs: Detection: 20%
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeReversingLabs: Detection: 20%
                                Multi AV Scanner detection for submitted file
                                Source: gaYiWz75kv.msiReversingLabs: Detection: 26%
                                AI detected suspicious sample
                                Source: Submited SampleIntegrated Neural Analysis Model: Matched 95.6% probability
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F664E20 CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptEncrypt,GetLastError,CryptDecrypt,GetLastError,CryptDestroyKey,CryptDestroyHash,43_2_00007FF89F664E20
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F664DE0 CryptReleaseContext,43_2_00007FF89F664DE0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F664BC0 CryptAcquireContextW,GetLastError,CryptReleaseContext,CryptReleaseContext,CryptReleaseContext,43_2_00007FF89F664BC0
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA NetworksJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgentJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exeJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.configJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\sharedJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.AppJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Numerics.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Serialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Core.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Configuration.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Intrinsics.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-rtlsupport-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\msquic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.Client.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-interlocked-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Sockets.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceModel.Web.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceProcess.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encodings.Web.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\WindowsBase.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-debug-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.AccessControl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.DriveInfo.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-localization-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Channels.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebProxy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Expressions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.MemoryMappedFiles.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-sysinfo-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processenvironment-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.AccessControl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-stdio-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.TypeConverter.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.Vectors.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.ILGeneration.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ObjectModel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Xml.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\dbgshim.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l2-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.HttpListener.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Formats.Asn1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Cng.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-timezone-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XDocument.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.Lightweight.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorlib.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebClient.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-string-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.XDocument.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordbi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Immutable.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NetworkInformation.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.UnmanagedMemoryStream.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TraceSource.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-environment-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-heap-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.IsolatedStorage.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-util-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-runtime-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Mail.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Ping.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Claims.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Console.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\createdump.exeJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.DataAnnotations.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.ZipFile.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Process.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.HttpUtility.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-memory-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-libraryloader-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.DiagnosticSource.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebHeaderCollection.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Dynamic.Runtime.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Requests.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-conio-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.Core.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\hostpolicy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Formatters.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.Local.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\.versionJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clrjit.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.ReaderWriter.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Dataflow.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Annotations.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clretwrc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Parallel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Memory.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-math-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.DiaSymReader.Native.amd64.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.NonGeneric.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tools.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.TypeExtensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-time-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.DataContractSerialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Handles.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Reader.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Native.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ValueTuple.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.runtimeconfig.jsonJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Metadata.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-datetime-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.CSharp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.ResourceManager.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlSerializer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.deps.jsonJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Csp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-private-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.OpenSsl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore_amd64_amd64_6.0.3524.45918.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.AccessControl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Quic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-namedpipe-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.StackTrace.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.Windows.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\ucrtbase.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Encoding.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Queryable.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Windows.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Overlapped.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.CodePages.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorrc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.DispatchProxy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.EventBasedAsync.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.Common.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.VisualC.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NameResolution.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.ThreadPool.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Thread.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Registry.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Contracts.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Specialized.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-convert-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.SecureString.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.AppContext.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-handle-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-process-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Writer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-string-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-fibers-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Buffers.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Security.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Brotli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.ServicePoint.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.DataSetExtensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.X509Certificates.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tracing.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Concurrent.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.FileVersionInfo.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Debug.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Timer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\coreclr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Loader.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-heap-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.RegularExpressions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Calendars.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Parallel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.Unsafe.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TextWriterTraceListener.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-profile-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.FileSystem.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-locale-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Uri.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Watcher.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlDocument.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-errorhandling-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.CoreLib.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Algorithms.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\hostJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxrJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\6.0.35Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\dotnet.exeJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\LICENSE.txtJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\ThirdPartyNotices.txtJump to behavior
                                Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}Jump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\InstallUtil.InstallLog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\LICENSE.txtJump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\LICENSE.txt
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7zip.license.txt
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.license.txt
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.license.txt
                                Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdbSHA256 source: AgentPackageMonitoring.exe, 0000002B.00000002.2657544480.000002ADA2E22000.00000002.00000001.01000000.00000020.sdmp
                                Source: Binary string: C:\Program Files (x86)\ATERA b.pdb7 source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000D.00000000.2136092382.00000235396D2000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: rmation.pdb source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000013.00000002.2389816421.00000238C26F2000.00000002.00000001.01000000.00000018.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2923848146.000001FADCD02000.00000002.00000001.01000000.00000037.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000000.2748557710.0000024FAAC22000.00000002.00000001.01000000.00000026.sdmp
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdbp+ source: AgentPackageMonitoring.exe, 0000002B.00000002.2661494817.000002ADA2FE2000.00000002.00000001.01000000.00000022.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\*.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmp
                                Source: Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2473619511.000001617D3F2000.00000002.00000001.01000000.0000001D.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentCommunication.Models\obj\Release\net45\Atera.AgentCommunication.Models.pdbSHA256G source: AgentPackageInternalPoller.exe, 0000003A.00000002.2905449409.000002386F8C2000.00000002.00000001.01000000.00000032.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdb\mvm hm_CorExeMainmscoree.dll source: AgentPackageTicketing.exe, 00000036.00000000.2762227421.000001C1BBA72000.00000002.00000001.01000000.00000028.sdmp
                                Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb8 source: AgentPackageProgramManagement.exe, 00000038.00000002.2923848146.000001FADCD02000.00000002.00000001.01000000.00000037.sdmp
                                Source: Binary string: Deserializebe9b72de-bd69-4837-9ca3-f44a00f3740ePackageMonitoring.pdb source: AgentPackageMonitoring.exe, 0000002F.00000002.3105681849.0000019368D1D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\LiorKovarsky\Downloads\sharpsnmplib-11.3.0\sharpsnmplib-11.3.0\SharpSnmpLib\obj\Release\net45\win\SharpSnmpLib.pdbSHA256 source: AgentPackageInternalPoller.exe, 0000003A.00000002.2910721127.000002386FC92000.00000002.00000001.01000000.00000035.sdmp
                                Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDBPv source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000D.00000000.2136092382.00000235396D2000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbt source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageInternalPoller\AgentPackageInternalPoller\obj\Release\AgentPackageInternalPoller.pdb source: AgentPackageInternalPoller.exe, 0000003A.00000000.2793424325.000002386E7B2000.00000002.00000001.01000000.0000002A.sdmp
                                Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000E.00000002.2750525974.000001CCA0E02000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000E.00000002.2750525974.000001CCA0E02000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664866309.000002ADA3132000.00000002.00000001.01000000.00000024.sdmp
                                Source: Binary string: L\AgentPackagn\AgentPackageAgelease\Agentrmation.pdb source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\code\dapper-dot-net\Dapper\bin\Release\net45\Dapper.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2661015610.000002ADA2FA2000.00000002.00000001.01000000.00000021.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageProgramManagement\AgentPackageProgramManagement\obj\Release\AgentPackageProgramManagement.pdb source: AgentPackageProgramManagement.exe, 00000038.00000000.2780901484.000001FADC892000.00000002.00000001.01000000.00000029.sdmp
                                Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageProgramManagement\ThirdPartyPackageManager\obj\Release\ThirdPartyPackageManager.pdb source: AgentPackageProgramManagement.exe, 00000038.00000002.2922710080.000001FADCBE2000.00000002.00000001.01000000.00000036.sdmp
                                Source: Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2657544480.000002ADA2E22000.00000002.00000001.01000000.00000020.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AgentPackageAgentInformation.exe, 00000013.00000000.2360050618.00000238C2272000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2390522823.00000238DB462000.00000002.00000001.01000000.00000019.sdmp
                                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdblob.stor source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ]c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmp
                                Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256~ source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2390522823.00000238DB462000.00000002.00000001.01000000.00000019.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664866309.000002ADA3132000.00000002.00000001.01000000.00000024.sdmp
                                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3214008555.0000024FC3CA2000.00000002.00000001.01000000.00000044.sdmp
                                Source: Binary string: \??\C:\Windows\dll\System.pdbc.exe source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dllt.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdbiiiGCTL source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3214008555.0000024FC3CA2000.00000002.00000001.01000000.00000044.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdb source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\LiorKovarsky\Downloads\sharpsnmplib-11.3.0\sharpsnmplib-11.3.0\SharpSnmpLib\obj\Release\net45\win\SharpSnmpLib.pdb source: AgentPackageInternalPoller.exe, 0000003A.00000002.2910721127.000002386FC92000.00000002.00000001.01000000.00000035.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbdeAgent.pdbO source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmp
                                Source: Binary string: C:\buildAgent\work\1b72bc6dac87fa71\code_drop\merge\chocolatey.pdb source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmp
                                Source: Binary string: em.pdb source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09B8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller\obj\Release\AgentPackageRuntimeInstaller.pdb source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdbSHA256`{f source: AgentPackageMonitoring.exe, 00000022.00000002.2473619511.000001617D3F2000.00000002.00000001.01000000.0000001D.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000013.00000002.2389816421.00000238C26F2000.00000002.00000001.01000000.00000018.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageProgramManagement\ThirdPartyPackageManager\obj\Release\ThirdPartyPackageManager.pdbm source: AgentPackageProgramManagement.exe, 00000038.00000002.2922710080.000001FADCBE2000.00000002.00000001.01000000.00000036.sdmp
                                Source: Binary string: Agent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: PC:\Windows\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: pC:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3DFA000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\dll\System.pdb source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2012\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2693765678.00007FF89F7AA000.00000002.00000001.01000000.0000001E.sdmp
                                Source: Binary string: Syem.pdb source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3096158574.000001D428BC7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000D.00000002.2183039602.0000023553D12000.00000002.00000001.01000000.00000011.sdmp
                                Source: Binary string: C:\Windows\AgentPackageUpgradeAgent.pdbpdbent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000D.00000002.2183039602.0000023553D12000.00000002.00000001.01000000.00000011.sdmp
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2661494817.000002ADA2FE2000.00000002.00000001.01000000.00000022.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentCommunication.Models\obj\Release\net45\Atera.AgentCommunication.Models.pdb source: AgentPackageInternalPoller.exe, 0000003A.00000002.2905449409.000002386F8C2000.00000002.00000001.01000000.00000032.sdmp
                                Source: Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdb source: AgentPackageTicketing.exe, 00000036.00000000.2762227421.000001C1BBA72000.00000002.00000001.01000000.00000028.sdmp
                                Source: Binary string: C:\Windows\System.pdbpdbtem.pdbD source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
                                Source: C:\Windows\System32\cscript.exeFile opened: c:
                                Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-CheckSumValid.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Format-FileSize.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariableNames.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariable.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyUnzip.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyWebFile.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A81873h13_2_00007FF848A80C1D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A81A44h13_2_00007FF848A80C1D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A81FFFh13_2_00007FF848A80C1D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A8227Bh13_2_00007FF848A80C1D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A81FFFh13_2_00007FF848A81EB6
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A81FFFh13_2_00007FF848A81E88
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A81FFFh13_2_00007FF848A81E7E
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A81873h13_2_00007FF848A8184E
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A81A44h13_2_00007FF848A8184E
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A94ECBh14_2_00007FF848A94E6B
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A9227Bh14_2_00007FF848A9225D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A84ECBh23_2_00007FF848A84E6B
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848A8227Bh23_2_00007FF848A8225D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then dec eax23_2_00007FF848C91C83
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then jmp 00007FF848C99C80h23_2_00007FF848C99AA0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 4x nop then dec eax23_2_00007FF848C98F8B

                                Networking

                                barindex
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 40.119.152.241 443
                                Yara detected Generic Downloader
                                Source: Yara matchFile source: 19.0.AgentPackageAgentInformation.exe.238c2270000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 56.2.AgentPackageProgramManagement.exe.1faf6220000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, type: DROPPED
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENT.PACKAGE.WATCHDOG/1.7/AGENT.PACKAGE.WATCHDOG.ZIP
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEADREMOTE/6.0/AGENTPACKAGEADREMOTE.ZIP
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEHEARTBEAT/17.14/AGENTPACKAGEHEARTBEAT.ZIP
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEINTERNALPOLLER/23.8/AGENTPACKAGEINTERNALPOLLER.Z
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D2E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMARKETPLACE/1.6/AGENTPACKAGEMARKETPLACE.ZIP
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMONITORING/37.8/AGENTPACKAGEMONITORING.ZIP
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEOSUPDATES/20.1/AGENTPACKAGEOSUPDATES.ZIP
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEPROGRAMMANAGEMENT/26.0/AGENTPACKAGEPROGRAMMANAGE
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGERUNTIMEINSTALLER/1.6/AGENTPACKAGERUNTIMEINSTALLE
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESTREMOTE/23.4/AGENTPACKAGESTREMOTE.ZIP
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D28C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESYSTEMTOOLS/27.6/AGENTPACKAGESYSTEMTOOLS.ZIP
                                Source: AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0577000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a6dc35606b2c6816e.awsglobalaccelerator.com
                                Source: AteraAgent.exe, 0000000D.00000000.2136092382.00000235396D2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87D71000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5CFD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://acontrol.atera.com/
                                Source: AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0
                                Source: AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv10.crl0
                                Source: rundll32.exe, 00000005.00000002.2111523595.00000000045B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88208000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88198000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C85000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2389956341.00000238C2D0F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C320D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3215F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3210C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BE1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B51000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B8F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8AAE1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D18820E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934FA28000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F908000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD816000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 0000003A.00000002.2860563478.0000023800123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://agent-api.atera.com
                                Source: AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://agent-api.atera.comW
                                Source: rundll32.exe, 00000005.00000002.2111523595.00000000045B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88208000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88198000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C85000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2389956341.00000238C2D0F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C320D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3215F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3210C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BE1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B51000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B8F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8AAE1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D18820E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934FA28000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F908000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD816000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 0000003A.00000002.2860563478.0000023800123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
                                Source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB6B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://blob.ams08prdstr06a.store.core.windows.net
                                Source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2702700714.000001CC875AB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75CE6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC883AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A11000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D858000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D90A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D64B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
                                Source: AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2183216765.0000023553FB0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D68000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D629000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D94F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D39000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB6DE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB6DA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A38000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2390728030.00000238DB599000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3280065409.0000022F758F0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://cdn.rubyinstaller.org/archives/devkits/DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://cdn.rubyinstaller.org/archives/devkits/DevKit-mingw64-64-4.7.2-20130224-1432-sfx.exe
                                Source: AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0499000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.defence.gov.au/pki0
                                Source: rundll32.exe, 00000011.00000003.2234462092.000000000761D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros
                                Source: rundll32.exe, 00000011.00000003.2234462092.000000000761D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
                                Source: AteraAgent.exe, 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
                                Source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3DFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2702700714.000001CC875AB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75CE6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CC2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CD6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2178484180.000002353996E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A11000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                                Source: AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2183216765.0000023553FB0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC883AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D68000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D858000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D90A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D64B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                                Source: AteraAgent.exe, 0000000D.00000002.2183216765.0000023553F9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crly
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D39000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB6DE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB6DA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2671969746.0000027C4AA09000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001E.00000003.2555466475.000001ACEF711000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001E.00000003.2553736545.000001ACEF6D5000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001E.00000003.2554661707.000001ACEF6DD000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001E.00000003.2555990207.000001ACEF711000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001E.00000002.2557212998.000001ACEF711000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3375067155.0000015FD8E60000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3375067155.0000015FD8EAE000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2671875111.0000025ECB420000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000028.00000003.2542703598.0000024FB244B000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000028.00000003.2542071229.0000024FB2443000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000028.00000003.2544304840.0000024FB247E000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000028.00000002.2546807718.0000024FB247E000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2666979016.000002ADA3FC0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.3142251476.000001D1A07D6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.3105681849.0000019368DC2000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000033.00000003.2883693736.00000160D678D000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000033.00000002.2896969387.00000160D678D000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000033.00000003.2880422377.00000160D675A000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000033.00000003.2895580020.00000160D678D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlche
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedRootG4.crlLow
                                Source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.iCertTrustedRoot
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C95000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CC2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC883AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D858000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D90A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D64B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                                Source: AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2183216765.0000023553FB0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D68000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D629000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D94F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                                Source: AteraAgent.exe, 0000000D.00000002.2178484180.000002353996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlV
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/J~J
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlche
                                Source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabom
                                Source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en9
                                Source: AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC05B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://d17kmd0va0f0mp.cloudfront.net
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D75D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://d25btwd9wax8gu.cloudfront.net
                                Source: AgentPackageAgentInformation.exe, 00000013.00000000.2360050618.00000238C2272000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
                                Source: AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC05B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://download.splashtop.com
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://download.sysinternals.com/Files/SysinternalsSuite.zip
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://download.sysinternals.com/Files/SysinternalsSuitex64.zip
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2664866309.000002ADA3132000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://learn-powershell.net/2013/02/08/powershell-and-events-object-events/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2925726565.000001FADD162000.00000002.00000001.01000000.00000038.sdmpString found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
                                Source: rundll32.exe, 00000011.00000003.2234462092.000000000761D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD482000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://mirrors.kernel.org/sourceware/cygwin/
                                Source: AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0577000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://my.splashtop.com
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://nlog-project.org/dummynamespace/
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://nlog-project.org/ws/
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://nlog-project.org/ws/3
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://nlog-project.org/ws/5
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessages
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsep
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://nlog-project.org/ws/T
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://nsis.sourceforge.net/Docs/AppendixD.html
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digice
                                Source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C95000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75CE6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                                Source: AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2183216765.0000023553FB0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC883AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D68000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D858000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D90A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D64B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A4C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A38000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2390728030.00000238DB599000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3280065409.0000022F758F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2702700714.000001CC875AB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75CE6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0K
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D39000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB6DE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB6DA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                                Source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
                                Source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comK
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
                                Source: AteraAgent.exe, 0000000E.00000002.2755004700.000001CCA0F6B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                                Source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A4C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
                                Source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB6B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://packagesstore.blob.core.windows.net
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://poshcode.org/2513
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://poshcode.org/417
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://powershell.com/cs/blogs/tips/archive/2009/02/05/validating-a-url.aspx
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D75D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ps.atera.com
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88208000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88198000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D911000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ps.pndsn.com
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://pwnt.co
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://rawcdn.githack.com/
                                Source: AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                                Source: AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                                Source: AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                                Source: rundll32.exe, 00000005.00000002.2111523595.0000000004594000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111523595.00000000044F1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87D71000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2389956341.00000238C2C63000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5CFD1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C31F11000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0498000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB29A1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187E46000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F893000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB581000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 0000003A.00000002.2860563478.0000023800020000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD87D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://somehwere/something.exe
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://somewhere.com/downloads/Install-WindowsImage.ps1
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://somewhere.com/downloads/Install-WindowsImagex64.ps1
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://somewhere123zzaafasd.invalid
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://somewhere123zzaafasd.invalidUAttempting
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://stackoverflow.com/a/13571471/18475
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6431000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://stackoverflow.com/a/15281070/18475
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://stackoverflow.com/questions/265339/whats-the-best-way-to-automate-secure-ftp-in-powershell
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://stackoverflow.com/questions/518181/too-many-automatic-redirections-were-attempted-error-messa
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6431000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://stanislavs.org/stopping-command-line-applications-programatically-with-ctrl-c-events-from-net
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://stexbar.googlecode.com/files/StExBar-1.8.3.msi
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://stexbar.googlecode.com/files/StExBar64-1.8.3.msi
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org
                                Source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
                                Source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/news/
                                Source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wixtoolset.org/releases/
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2656907086.000002ADA2DD2000.00000002.00000001.01000000.0000001F.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934FAE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.abit.com.tw/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                                Source: AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
                                Source: AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0499000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-int0
                                Source: AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0499000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.defence.gov.au/pki0
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC883AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D858000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D90A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D64B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2183216765.0000023553FB0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D68000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D629000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                                Source: AteraAgent.exe, 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crl
                                Source: AteraAgent.exe, 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
                                Source: AteraAgent.exe, 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-szigno.hu/SZSZ/0
                                Source: AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0499000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-trust.be/CPS/QNcerts
                                Source: AteraAgent.exe, 0000000E.00000002.2753676521.000001CCA0F07000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://www.gnu.org/
                                Source: AteraAgent.exe, 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://www.jeremyskinner.co.uk/2010/03/07/using-git-with-windows-powershell/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupexitcodes
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.nlog-project.org/schemas/NLog.xsd
                                Source: AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
                                Source: AteraAgent.exe, 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ssc.lt/cps03
                                Source: AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                                Source: AteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.oh
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD598000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD442000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD733000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD482000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2C6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.P
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C321A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.PP
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88208000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.PZL
                                Source: AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.Pj
                                Source: rundll32.exe, 00000005.00000002.2111523595.0000000004594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.aterD
                                Source: rundll32.exe, 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.aterDf
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2389956341.00000238C2C63000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C31F11000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C320D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3210C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B51000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B8F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB29A1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187E46000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F796000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F893000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD7AA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 0000003A.00000002.2860563478.000002380011E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com
                                Source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111523595.0000000004594000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111523595.00000000044F1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C321A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Prh
                                Source: AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2C6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/PrhX
                                Source: AgentPackageAgentInformation.exe, 00000013.00000002.2389956341.00000238C2C63000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C320D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3210C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B51000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B8F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187E46000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD7AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production
                                Source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111523595.0000000004594000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111523595.00000000044F1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88208000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/Acknowl
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
                                Source: AgentPackageAgentInformation.exe, 00000013.00000002.2389956341.00000238C2C63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DF4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E20000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87D71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/Trace
                                Source: AgentPackageInternalPoller.exe, 0000003A.00000002.2860563478.0000023800020000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/agentMonitoredDevices/efdd2c58-d53a-48e0-bd64-b73430c78
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C31F11000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB29A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/script-based
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C321A6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2C6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/guiComm
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C31FA4000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C321A6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2A23000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2C6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/guiCommandResult
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C320D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3210C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B51000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B8F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187E46000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD7AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/recurringCommandResult
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/thresholds/efdd2c58-d53a-48e0-bd64-b73430c78939
                                Source: rundll32.exe, 00000005.00000002.2111523595.0000000004594000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111523595.00000000044F1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
                                Source: rundll32.exe, 00000005.00000002.2111523595.00000000045D6000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004CA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event;
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F893000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Alerts/AddAlertsFromAgent
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F9A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/monitoring/v1/MonitoringPackage/AddAgentMetrics
                                Source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/dotnet-core-applaunch?
                                Source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/dotnet-core-applaunch?You
                                Source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/dotnet/app-launch-failed
                                Source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/dotnet/app-launch-failed&gui=trueShowing
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://bit.ly/1duJ9bM).
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://bit.ly/1g0R3Os).
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://bitbucket.org/jonforums/uru)
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://ch0.co/moderation
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://ch0.co/nexus2apikey).
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://ch0.co/packages_config
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://chocolatey.org).
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://chocolatey.org/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://chocolatey.org/9https://push.chocolatey.org/Chttps://community.chocolatey.org/Qhttps://commu
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://chocolatey.org/compare
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://chocolatey.org/compare.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD482000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chocolatey.org/compare0
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://chocolatey.org/comparekThis
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://chocolatey.org/contact.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org)
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.chocolatey.org/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/api/v2
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD63F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/api/v2/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/api/v2/.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD7AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.chocolatey.org/api/v2/0
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD87D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.chocolatey.org/api/v2/8
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD733000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.chocolatey.org/api/v2/P
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/packages)
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/packages).
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/packages/autohotkey.portable
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/packages/checksum)
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/packages/checksum.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/packages/chocolatey-core.extension
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/packages/pik)
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://community.chocolatey.org/packages?q=id%3A.extension
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/choco/commands/uninstall
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD482000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/choco/setup#non-administrative-install
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/community-repository/community-packages-disclaimer
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/community-repository/moderation/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/automatic-packages
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/automatic-packages#automatic-updater-au
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/automatic-packages)
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/create-packages
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/create-packages#how-do-i-exclude-executables-from-getting-s
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/create-packages#how-do-i-set-up-shims-for-applications-that
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/create-packages#package-icon-guidelines
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/get-chocolateyunzipp
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/get-chocolateywebfile
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/get-osarchitecturewidth
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/get-toolslocation
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-binfile
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyenvironmentvariable
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyfileassociation
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyinstallpackage
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateypackage
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateypath
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyshortcut
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyvsixpackage
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/install-chocolateyzippackage
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/start-chocolateyprocessasadmin
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/uninstall-binfile
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/uninstall-chocolateyenvironmentvariable
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/uninstall-chocolateypackage
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/create/functions/uninstall-chocolateyzippackage
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/features/extensions
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/features/private-cdn.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/getting-started#overriding-default-install-directory-or-other-adva
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/guides/create/create-custom-package-templates
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/guides/create/mount-an-iso-in-chocolatey-package
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/guides/create/parse-packageparameters-argument
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/guides/create/parse-packageparameters-argument#step-3---use-core-c
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/information/legal.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.chocolatey.org/en-us/troubleshooting
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.nuget.org/create/Nuspec-Reference.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.nuget.org/create/versioning#creating-prerelease-packages
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://docs.nuget.org/create/versioning#specifying-version-ranges-in-.nuspec-files
                                Source: AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC059D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://download.splashtop.com
                                Source: AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC059D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0577000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://download.splashtop.com/csrs/Splashtop_Streamer_Win_DEPLOY_INSTALLER_v3.7.2.3.exe
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6431000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://gist.github.com/jvshahid/6fb2f91fa7fb1db23599
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2390522823.00000238DB462000.00000002.00000001.01000000.00000019.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664866309.000002ADA3132000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/chocolatey/choco/blob/bfe351b7d10c798014efe4bfbb100b171db25099/src/chocolatey/inf
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/chocolatey/choco/issues/1800#issuecomment-484293844.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/chocolatey/choco/issues/new/choose.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/chocolatey/chocolatey
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/chocolatey/chocolatey-coreteampackages
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/chocolatey/chocolatey-test-environment
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/chocolatey/chocolatey-workshop
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/chocolatey/shimgen/tree/master/shim.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/dahlbyk/posh-git
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/dahlbyk/posh-git/blob/1941da2472eb668cde2d6a5fc921d5043a024386/LICENSE.txt
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/roslyn/issues/46646
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/runtime/issues/73124.
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/downloads/spraints/git-tfs/GitTfs-0.11.0.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2750525974.000001CCA0E02000.00000002.00000001.01000000.00000027.sdmpString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                                Source: AgentPackageInternalPoller.exe, 0000003A.00000002.2910721127.000002386FC92000.00000002.00000001.01000000.00000035.sdmpString found in binary or memory: https://github.com/lextudio/sharpsnmplib.git
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://github.com/majkinetor/au-packages/commit/bf95d56fe5851ee2e4f6f15f79c1a2877a7950a1
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/nlog/NLog/wiki/Configuration-file#variables
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/nlog/NLog/wiki/Layout-Renderers
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/nlog/NLog/wiki/Targets
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/nlog/nlog/wiki/Configuration-file
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://licensedpackages.chocolatey.org/api/v2/
                                Source: AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0572000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://my.splashtop.com
                                Source: AgentPackageSTRemote.exe, 0000001F.00000000.2431897307.0000015FBFB92000.00000002.00000001.01000000.0000001A.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://my.splashtop.com/csrs/win
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664762575.000002ADA3128000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: https://nlog-project.org/
                                Source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB6B2000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net
                                Source: AgentPackageUpgradeAgent.exe, 00000034.00000000.2748557710.0000024FAAC22000.00000002.00000001.01000000.00000026.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Agents/Mac/
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/BitDefender/rmm.zip
                                Source: AgentPackageUpgradeAgent.exe, 00000034.00000000.2748557710.0000024FAAC22000.00000002.00000001.01000000.00000026.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric
                                Source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MSI/1.8.7.2/Setupx64.msi
                                Source: AgentPackageUpgradeAgent.exe, 00000034.00000000.2748557710.0000024FAAC22000.00000002.00000001.01000000.00000026.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MacAgent/1.0/AteraAgentInstaller.pkgA/
                                Source: AgentPackageUpgradeAgent.exe, 00000034.00000000.2748557710.0000024FAAC22000.00000002.00000001.01000000.00000026.sdmpString found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric5Get
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D99E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.ateH
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.ateHBT
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88016000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.c
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88198000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87F0A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D75D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D754000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D99E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/a
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/ag
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageA
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentI
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88016000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageMonitoring/0.40/AgentPackageMonitoring.z
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.3/AgentPackageSTRemote.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.3/AgentPackageSTRemote.ziph
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88016000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/37.8/AgentPackageMonitoring.ziph
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziph
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zip
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zip?1rBvY9
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip?1rBvY94KQV
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformati
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D75D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip?1rBvY9
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D75D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D2E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip?1rBv
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip?1rBvY
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.ziph
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/20.1/AgentPackageOsUpdates.zip
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/20.1/AgentPackageOsUpdates.zip?1rBvY94
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/26.0/AgentPackageProgramManage
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D754000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip?1rBvY94KQ
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziph
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/27.6/AgentPackageSystemTools.zip
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D28C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/27.6/AgentPackageSystemTools.zip?1rB
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.1/AgentPackageTicketing.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/27.2/AgentPackageUpgradeAgent.zip
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/27.2/AgentPackageUpgradeAgent.zip?1
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitoring.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscovery
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
                                Source: AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000000.2431897307.0000015FBFB92000.00000002.00000001.01000000.0000001A.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exe
                                Source: AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000000.2431897307.0000015FBFB92000.00000002.00000001.01000000.0000001A.sdmpString found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exepUsers/Shared/Splashtop
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88208000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88198000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC881A4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D911000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88208000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88198000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC881A4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E20000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D058000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D911000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88208000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=06226d28-058d-47ba-ad94-3928798c6f38
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D911000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1a79ce2d-b90d-44aa-83db-5a06aedbad9e
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=212b725f-a5ab-46b3-acc8-706478c51598
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=43463a6d-b947-410c-994f-8eb0af3718dc
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=5b29ac19-d050-4e27-a982-8fd5346ae096
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88198000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=5dc39a8c-b1ee-44e7-899b-c955f55db038
                                Source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D911000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/efdd2c58
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/efdd2c58-d53a-48e0-bd64
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://push.chocolatey.org
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://push.chocolatey.org/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://raw.github.com/ferventcoder/checksum/master/LICENSE
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_config.gif
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_install.gif
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_outdated.gif
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_search.gif
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_uninstall.gif
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_upgrade.gif
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/chocopro_install_stopped.gif
                                Source: AteraAgent.exe, 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rca.e-szigno.hu/ocsp0-
                                Source: AteraAgent.exe, 0000000E.00000002.2755004700.000001CCA0F6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repository.tsp.zetes.com0
                                Source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ods.opinsights.azure.com/api/logs?api-version=2016-04-01
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://sevenzip.osdn.jp/chm/general/formats.htm
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://somelocation.com/
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://somelocation.com/thefile.exe
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://somewhere.com/file-x64.msi
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://somewhere.com/file.msi
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://somewhere.com/file.mst
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://somewhere/bob-x64.exe
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://somewhere/bob.exe
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://somewhere/out/there.msi
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2661494817.000002ADA2FE2000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: https://system.data.sqlite.org/
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662362666.000002ADA3044000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: https://system.data.sqlite.org/X
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2661494817.000002ADA2FE2000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: https://urn.to/r/sds_see
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD482000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://www.howsmyssl.com/
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.netlock.hu/docs/
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2664866309.000002ADA3132000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664762575.000002ADA3128000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore
                                Source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2390522823.00000238DB462000.00000002.00000001.01000000.00000019.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664866309.000002ADA3132000.00000002.00000001.01000000.00000024.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                                Source: AgentPackageMonitoring.exeString found in binary or memory: https://www.sqlite.org/copyright.html
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2695938419.00007FF89F7F4000.00000002.00000001.01000000.0000001E.sdmpString found in binary or memory: https://www.sqlite.org/copyright.html2
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEBJump to dropped file

                                Spam, unwanted Advertisements and Ransom Demands

                                barindex
                                Reads the Security eventlog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AteraAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AlphaAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Reads the System eventlog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f511b.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI52D0.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI591B.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6D01.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI71D5.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI71D6.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7273.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI735E.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f511d.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f511d.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8958.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f511e.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8A01.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8EF3.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9C62.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA750.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA770.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA9F1.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIAA9E.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC28C.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC28D.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC369.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC3C8.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f512a.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f512a.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB0C.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f512b.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDBE6.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDD5E.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f512e.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f512e.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEBF.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f512f.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1057.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{E91F8AC1-4917-455E-AACA-B40B193C7A62}Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI11A0.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f5132.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f5132.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1337.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f5133.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI152C.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1665.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f5136.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3f5136.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1C04.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1D6C.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1EF4.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F82.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21D4.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI231D.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI238C.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI26AA.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2718.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2786.tmpJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-Jump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\AlphaControlAgentInstallation.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\Newtonsoft.Json.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\System.Management.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\CustomAction.configJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-Jump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\AlphaControlAgentInstallation.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\Newtonsoft.Json.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\System.Management.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\CustomAction.configJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\AlphaControlAgentInstallation.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\Newtonsoft.Json.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\System.Management.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\CustomAction.config
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\InstallUtil.InstallLog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\AlphaControlAgentInstallation.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\Newtonsoft.Json.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\System.Management.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\CustomAction.config
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageMonitoring.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageProgramManagement.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageInternalPoller.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageUpgradeAgent.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSystemTools.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageOsUpdates.exe.log
                                Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI52D0.tmpJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_044600405_3_04460040
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_044671D05_3_044671D0
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_3_070059A86_3_070059A8
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_3_070050B86_3_070050B8
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_3_07004D686_3_07004D68
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FF848A8C92213_2_00007FF848A8C922
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FF848A8596C13_2_00007FF848A8596C
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FF848A8829513_2_00007FF848A88295
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FF848A80C1D13_2_00007FF848A80C1D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FF848A8BB7613_2_00007FF848A8BB76
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FF848A80C8913_2_00007FF848A80C89
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848AA1D9A14_2_00007FF848AA1D9A
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848A90D4214_2_00007FF848A90D42
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848A99AF214_2_00007FF848A99AF2
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848A99C5014_2_00007FF848A99C50
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CB51B814_2_00007FF848CB51B8
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CA66BC14_2_00007FF848CA66BC
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CA166214_2_00007FF848CA1662
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CAF74114_2_00007FF848CAF741
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CB51BD14_2_00007FF848CB51BD
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CB51A014_2_00007FF848CB51A0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CADEF214_2_00007FF848CADEF2
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_0708004017_3_07080040
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848A9FA9419_2_00007FF848A9FA94
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848AB047D19_2_00007FF848AB047D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848A9868219_2_00007FF848A98682
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848AA108C19_2_00007FF848AA108C
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848A978D619_2_00007FF848A978D6
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848A9182819_2_00007FF848A91828
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848A912FA19_2_00007FF848A912FA
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848A9BDB019_2_00007FF848A9BDB0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848AA10C019_2_00007FF848AA10C0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 21_2_00007FF848A818D021_2_00007FF848A818D0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 21_2_00007FF848A812FB21_2_00007FF848A812FB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 21_2_00007FF848A8246B21_2_00007FF848A8246B
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848A8EB3823_2_00007FF848A8EB38
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848A8A4D023_2_00007FF848A8A4D0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848A91DD823_2_00007FF848A91DD8
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848A80D4223_2_00007FF848A80D42
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C9354823_2_00007FF848C93548
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C9313B23_2_00007FF848C9313B
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848CA5ECC23_2_00007FF848CA5ECC
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C9369023_2_00007FF848C93690
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C9ABCE23_2_00007FF848C9ABCE
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C9BC2523_2_00007FF848C9BC25
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A8895626_2_00007FF848A88956
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A8CE0926_2_00007FF848A8CE09
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A840F826_2_00007FF848A840F8
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A812FB26_2_00007FF848A812FB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A8C47F26_2_00007FF848A8C47F
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848AA66B026_2_00007FF848AA66B0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A8970226_2_00007FF848A89702
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A8183526_2_00007FF848A81835
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A95B3126_2_00007FF848A95B31
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848AA009826_2_00007FF848AA0098
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848AA52FA31_2_00007FF848AA52FA
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848AA847631_2_00007FF848AA8476
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848AA15FD31_2_00007FF848AA15FD
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848AA6F5931_2_00007FF848AA6F59
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A911F231_2_00007FF848A911F2
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A912DF31_2_00007FF848A912DF
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A913F231_2_00007FF848A913F2
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A9659031_2_00007FF848A96590
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A90ED331_2_00007FF848A90ED3
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A906D331_2_00007FF848A906D3
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A9074031_2_00007FF848A90740
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A9108031_2_00007FF848A91080
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A9083831_2_00007FF848A90838
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848A8895636_2_00007FF848A88956
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848A812FB36_2_00007FF848A812FB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848A8970236_2_00007FF848A89702
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848A9D35036_2_00007FF848A9D350
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848A8073036_2_00007FF848A80730
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848AB84EA36_2_00007FF848AB84EA
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848AB8D3836_2_00007FF848AB8D38
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848ABA9BD36_2_00007FF848ABA9BD
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848ABAA3D36_2_00007FF848ABAA3D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848ABCAFD36_2_00007FF848ABCAFD
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 36_2_00007FF848ABC35036_2_00007FF848ABC350
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F7820E043_2_00007FF89F7820E0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6DB88043_2_00007FF89F6DB880
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F78696043_2_00007FF89F786960
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F7901E043_2_00007FF89F7901E0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6EA0C043_2_00007FF89F6EA0C0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6F40A043_2_00007FF89F6F40A0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F689F3043_2_00007FF89F689F30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F667F3043_2_00007FF89F667F30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6E5F2043_2_00007FF89F6E5F20
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F697E7043_2_00007FF89F697E70
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F665E5043_2_00007FF89F665E50
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F683E1043_2_00007FF89F683E10
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6AFEF043_2_00007FF89F6AFEF0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6EFED043_2_00007FF89F6EFED0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F657EC043_2_00007FF89F657EC0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6D3EB043_2_00007FF89F6D3EB0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6F7EA043_2_00007FF89F6F7EA0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F705EA043_2_00007FF89F705EA0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F727D2043_2_00007FF89F727D20
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F72DCC043_2_00007FF89F72DCC0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F73BCD043_2_00007FF89F73BCD0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F699CF043_2_00007FF89F699CF0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F793C2043_2_00007FF89F793C20
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F73DB8043_2_00007FF89F73DB80
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6B7B3043_2_00007FF89F6B7B30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F67BBE043_2_00007FF89F67BBE0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F699BA043_2_00007FF89F699BA0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F689A6043_2_00007FF89F689A60
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F707A6043_2_00007FF89F707A60
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6F3AF043_2_00007FF89F6F3AF0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F685AD043_2_00007FF89F685AD0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F67D91043_2_00007FF89F67D910
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6BB9F043_2_00007FF89F6BB9F0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F66D83043_2_00007FF89F66D830
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6B18DA43_2_00007FF89F6B18DA
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F7A184043_2_00007FF89F7A1840
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F69D77043_2_00007FF89F69D770
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F79F79043_2_00007FF89F79F790
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6F772043_2_00007FF89F6F7720
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6AF78043_2_00007FF89F6AF780
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6BB64743_2_00007FF89F6BB647
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F66564043_2_00007FF89F665640
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F69F63043_2_00007FF89F69F630
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65D63443_2_00007FF89F65D634
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F7456D043_2_00007FF89F7456D0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6C36E043_2_00007FF89F6C36E0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6F169043_2_00007FF89F6F1690
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65955C43_2_00007FF89F65955C
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65347443_2_00007FF89F653474
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6574B043_2_00007FF89F6574B0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6EB37043_2_00007FF89F6EB370
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6ED35043_2_00007FF89F6ED350
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65F34043_2_00007FF89F65F340
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F72F3E043_2_00007FF89F72F3E0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6793D043_2_00007FF89F6793D0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6CF22043_2_00007FF89F6CF220
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F76320043_2_00007FF89F763200
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65D28443_2_00007FF89F65D284
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6E917043_2_00007FF89F6E9170
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6BF1B043_2_00007FF89F6BF1B0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6511B043_2_00007FF89F6511B0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F69902043_2_00007FF89F699020
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F7850F043_2_00007FF89F7850F0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6EEFD043_2_00007FF89F6EEFD0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F69AFB043_2_00007FF89F69AFB0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F662F8C43_2_00007FF89F662F8C
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F67CE7043_2_00007FF89F67CE70
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6B0E3043_2_00007FF89F6B0E30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65CEA843_2_00007FF89F65CEA8
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6D6D2043_2_00007FF89F6D6D20
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6C4D0043_2_00007FF89F6C4D00
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F718D2043_2_00007FF89F718D20
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F7A0D3043_2_00007FF89F7A0D30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F654DB443_2_00007FF89F654DB4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F78CD6043_2_00007FF89F78CD60
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F784C8043_2_00007FF89F784C80
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6FCC0043_2_00007FF89F6FCC00
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F69ACD043_2_00007FF89F69ACD0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F666CC043_2_00007FF89F666CC0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6CCB5043_2_00007FF89F6CCB50
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F73AB0043_2_00007FF89F73AB00
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6A8B9043_2_00007FF89F6A8B90
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F698A6043_2_00007FF89F698A60
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F658A3C43_2_00007FF89F658A3C
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F71AA7043_2_00007FF89F71AA70
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F676A8043_2_00007FF89F676A80
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F74691043_2_00007FF89F746910
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6AE99043_2_00007FF89F6AE990
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F66886043_2_00007FF89F668860
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65E80C43_2_00007FF89F65E80C
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6528C043_2_00007FF89F6528C0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6A88A043_2_00007FF89F6A88A0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F71686043_2_00007FF89F716860
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F66273843_2_00007FF89F662738
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F66E72043_2_00007FF89F66E720
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6EA7E043_2_00007FF89F6EA7E0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F78C68043_2_00007FF89F78C680
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6D060043_2_00007FF89F6D0600
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F70E59043_2_00007FF89F70E590
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F73659043_2_00007FF89F736590
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6D455043_2_00007FF89F6D4550
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F78E5B043_2_00007FF89F78E5B0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F70A5D043_2_00007FF89F70A5D0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65A52443_2_00007FF89F65A524
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F7705D043_2_00007FF89F7705D0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6A051043_2_00007FF89F6A0510
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6585D443_2_00007FF89F6585D4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6644DC43_2_00007FF89F6644DC
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6B64A043_2_00007FF89F6B64A0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F67033043_2_00007FF89F670330
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F67231043_2_00007FF89F672310
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F71831043_2_00007FF89F718310
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6C224043_2_00007FF89F6C2240
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6FA2F043_2_00007FF89F6FA2F0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F70C22043_2_00007FF89F70C220
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6F22B043_2_00007FF89F6F22B0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6DC11043_2_00007FF89F6DC110
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848A75D0F43_2_00007FF848A75D0F
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848A7BD6143_2_00007FF848A7BD61
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848A7D12643_2_00007FF848A7D126
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848DA12CF43_2_00007FF848DA12CF
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848DA3C7143_2_00007FF848DA3C71
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848DA4D1743_2_00007FF848DA4D17
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848DA169E43_2_00007FF848DA169E
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848DA12FB43_2_00007FF848DA12FB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848DA0CB043_2_00007FF848DA0CB0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848D9950543_2_00007FF848D99505
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848E6346A43_2_00007FF848E6346A
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848E64F8843_2_00007FF848E64F88
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848E6F37843_2_00007FF848E6F378
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848E60B7743_2_00007FF848E60B77
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848E6F45843_2_00007FF848E6F458
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848E756D843_2_00007FF848E756D8
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF848E79A5843_2_00007FF848E79A58
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF849006A6743_2_00007FF849006A67
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF849013DF543_2_00007FF849013DF5
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF84900C86C43_2_00007FF84900C86C
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF849009C6543_2_00007FF849009C65
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF8490004C943_2_00007FF8490004C9
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF849013F8043_2_00007FF849013F80
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: String function: 00007FF89F7A1B70 appears 102 times
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: String function: 00007FF89F7A1D30 appears 114 times
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: String function: 00007FF89F7A06B0 appears 145 times
                                Source: System.Net.ServicePoint.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Net.Http.Json.dll.1.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Text.RegularExpressions.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Security.Cryptography.X509Certificates.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Collections.Concurrent.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.IO.Compression.Brotli.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Linq.Parallel.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Diagnostics.FileVersionInfo.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Net.Security.dll.1.drStatic PE information: No import functions for PE file found
                                Source: classification engineClassification label: mal100.troj.spyw.evad.winMSI@110/945@0/11
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA NetworksJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.logJump to behavior
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2020:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3304:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5580:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2804:120:WilError_03
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeMutant created: \BaseNamedObjects\Global\NLog-FileFileArchiveLock-c:_program files (x86)_atera networks_ateraagent_packages_agentpackageosupdates_log.txt
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3748:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3692:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6480:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6484:120:WilError_03
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeMutant created: \BaseNamedObjects\Global\GenericDevicesFileLock
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1172:120:WilError_03
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7132:120:WilError_03
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeMutant created: \BaseNamedObjects\Global\Access_ISABUS.HTP.Method
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeMutant created: \BaseNamedObjects\C__Program Files (x86)_ATERA Networks_AteraAgent_Packages_AgentPackageProgramManagement_logs_chocolatey.log
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5008:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6844:120:WilError_03
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeMutant created: NULL
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:384:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2584:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5060:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5476:120:WilError_03
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeMutant created: \BaseNamedObjects\NLogMutexTester
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeMutant created: \BaseNamedObjects\Global\SNMPDevicesFileLock
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeMutant created: \BaseNamedObjects\Global\NLog-FileFileArchiveLock-c:_program files (x86)_atera networks_ateraagent_packages_agentpackagemonitoring_log.txt
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeMutant created: \BaseNamedObjects\Global\{bd59231e-97d1-4fc0-a975-80c3fed498b7}
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1480:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6044:120:WilError_03
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeMutant created: \BaseNamedObjects\Global\Access_PCI
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeMutant created: \BaseNamedObjects\C__Program Files (x86)_ATERA Networks_AteraAgent_Packages_AgentPackageProgramManagement_logs_choco.summary.log
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3836:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6628:120:WilError_03
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeMutant created: \BaseNamedObjects\Global\HttpDevicesFileLock
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6192:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2684:120:WilError_03
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeMutant created: \BaseNamedObjects\Global\ServerDevicesFileLock
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF453F0FBC0B60F55F.TMPJump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;AteraAgent.exe&quot;)
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                                Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI52D0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4150234 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: SELECT Identifier, Severity, Timestamp FROM ThresholdDuration WHERE Identifier = @id;kDELETE FROM ThresholdDuration WHERE Identifier = @id;
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO ThresholdDuration (Identifier,Severity,Timestamp) Values (@identifier, @severity, @timestamp) ON CONFLICT (Identifier) DO UPDATE SET Severity = excluded.Severity, Timestamp = excluded.Timestamp;@X9
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_Timestamp ON AlertedEvents_V2 (Timestamp); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_LogName ON AlertedEvents_V2 (LogName);@X9
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL); CREATE INDEX IF NOT EXISTS idx_ThresholdsProfiles_Timestamp ON ThresholdsProfiles (Timestamp);@X9
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO ThresholdDuration (Identifier,Severity,Timestamp) Values (@identifier, @severity, @timestamp) ON CONFLICT (Identifier) DO UPDATE SET Severity = excluded.Severity, Timestamp = excluded.Timestamp;
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: INSERT INTO [AlertsSent] (Timestamp, Alerts) VALUES (@timestamp, @alerts);kExecuteScriptAsync SystemTools Start scriptGuid : {0}Wrunscriptguid {0} 10 W10= disableSendResult
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8AB13000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO ThresholdsProfiles (IsActive,Timestamp,Name,Thresholds) Values (@isActive,@timestamp,@name,@thresholds); DELETE FROM ThresholdsProfiles WHERE Timestamp < @timeToDelete;@X9
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO Statistics(Name, Timestamp, Value) Values (@name, @timestamp, @value);
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_Timestamp ON AlertedEvents_V2 (Timestamp); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_LogName ON AlertedEvents_V2 (LogName);
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS StatisticsSendTime (Id INTEGER PRIMARY KEY,Timestamp BIGINT NOT NULL);
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: INSERT INTO Statistics(Name, Timestamp, Value) Values (@name, @timestamp, @value);%StatisticsSendTime
                                Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002B.00000002.2693765678.00007FF89F7AA000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL); CREATE UNIQUE INDEX IF NOT EXISTS idx_ThresholdDuration_Identifier ON ThresholdDuration (Identifier);
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS Stub (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL);
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934FA8C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO StatisticsSendTime (Timestamp) Values (@timestamp);
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F939000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO [AlertsSent] (Timestamp, Alerts) VALUES (@timestamp, @alerts);
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2693765678.00007FF89F7AA000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL);
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL); CREATE UNIQUE INDEX IF NOT EXISTS idx_ThresholdDuration_Identifier ON ThresholdDuration (Identifier);@X9
                                Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002B.00000002.2693765678.00007FF89F7AA000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2666712360.000002ADA3D06000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE 'main'.sqlite_master SET type='table', name='AlertsSent', tbl_name='AlertsSent', rootpage=#2, sql='CREATE TABLE [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL)' WHERE rowid=#1;
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F9A4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT Timestamp FROM StatisticsSendTime ORDER BY Timestamp DESC LIMIT 1;
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL);sSELECT MAX([Timestamp]) AS [TimeStamp] FROM [AlertsSent];
                                Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002B.00000002.2693765678.00007FF89F7AA000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                                Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002B.00000002.2693765678.00007FF89F7AA000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F9A4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT Id, Name, Timestamp, Value FROM Statistics;
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: SELECT [Id], [Alerts], [Timestamp] FROM [AlertsSent] ORDER BY [Timestamp] DESC LIMIT 1;
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);/DELETE FROM Statistics;eSELECT Id, Name, Timestamp, Value FROM Statistics;
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL);
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL); CREATE INDEX IF NOT EXISTS idx_ThresholdsProfiles_Timestamp ON ThresholdsProfiles (Timestamp);
                                Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002B.00000002.2693765678.00007FF89F7AA000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);@X9
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8AB13000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO ThresholdsProfiles (IsActive,Timestamp,Name,Thresholds) Values (@isActive,@timestamp,@name,@thresholds); DELETE FROM ThresholdsProfiles WHERE Timestamp < @timeToDelete;
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL);
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL);
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F893000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT MAX([Timestamp]) AS [TimeStamp] FROM [AlertsSent];
                                Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002B.00000002.2693765678.00007FF89F7AA000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: select Name from Win32_PerfFormattedData_Tcpip_NetworkInterface!DataStatsEnabled9InboundBandwidthStatsEnabled;OutboundBandwidthStatsEnabled
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934FBF5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT Id, IsActive, Timestamp, Name, Thresholds FROM ThresholdsProfiles ORDER BY Timestamp DESC LIMIT 1;
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT Identifier, Severity, Timestamp FROM ThresholdDuration WHERE Identifier = @id;
                                Source: gaYiWz75kv.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
                                Source: gaYiWz75kv.msiReversingLabs: Detection: 26%
                                Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\gaYiWz75kv.msi"
                                Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 9EC403ECF0C0C0E65714DE34CF3E0384
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI52D0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4150234 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI591B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4151609 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI6D01.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4157171 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding DF45D645E6A346EE279CFE96252995FD E Global\MSI0000
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                                Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="gratefullytatum@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MveCAIAZ" /AgentId="efdd2c58-d53a-48e0-bd64-b73430c78939"
                                Source: unknownProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8958.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4163937 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4a6f545b-aae0-4508-bfae-1a58ed989cb7" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4742ab29-7a91-4005-8b85-9d822d2d207b" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "81622bfe-fdc1-4fd4-b863-087ece04432b" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000MveCAIAZ
                                Source: unknownProcess created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k smphost
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6d3932b7-d595-4ec1-ba45-8ee0e9e068b8" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6dc6b569-88f8-4c0b-ba4d-f407efaa2a09" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c293db25-a44a-4495-86a5-1d156f7b88b1" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "1a38e639-d8b2-4578-a9b2-1e798ca9efea" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "d3c5afbf-763e-48ba-a818-4ee2d8365577" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "175cc305-cc6c-4927-a3b6-18d54ad920b0" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000MveCAIAZ
                                Source: unknownProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "276ad274-97c6-4ad6-a5ad-71fef5b6c1d9" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "3caeb474-f589-4b7e-af90-d040b4bb9be8" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 9EC403ECF0C0C0E65714DE34CF3E0384Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding DF45D645E6A346EE279CFE96252995FD E Global\MSI0000Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="gratefullytatum@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MveCAIAZ" /AgentId="efdd2c58-d53a-48e0-bd64-b73430c78939"Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI52D0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4150234 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentIdJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI591B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4151609 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStartJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI6D01.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4157171 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallationJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8958.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4163937 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEndJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                                Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4a6f545b-aae0-4508-bfae-1a58ed989cb7" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4742ab29-7a91-4005-8b85-9d822d2d207b" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "81622bfe-fdc1-4fd4-b863-087ece04432b" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6d3932b7-d595-4ec1-ba45-8ee0e9e068b8" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6dc6b569-88f8-4c0b-ba4d-f407efaa2a09" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c293db25-a44a-4495-86a5-1d156f7b88b1" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "1a38e639-d8b2-4578-a9b2-1e798ca9efea" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "d3c5afbf-763e-48ba-a818-4ee2d8365577" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "175cc305-cc6c-4927-a3b6-18d54ad920b0" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "276ad274-97c6-4ad6-a5ad-71fef5b6c1d9" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "3caeb474-f589-4b7e-af90-d040b4bb9be8" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess created: unknown unknown
                                Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: winsta.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\net.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\net.exeSection loaded: wkscli.dll
                                Source: C:\Windows\SysWOW64\net.exeSection loaded: netutils.dll
                                Source: C:\Windows\SysWOW64\net.exeSection loaded: samcli.dll
                                Source: C:\Windows\SysWOW64\net.exeSection loaded: srvcli.dll
                                Source: C:\Windows\SysWOW64\net.exeSection loaded: iphlpapi.dll
                                Source: C:\Windows\SysWOW64\net1.exeSection loaded: samcli.dll
                                Source: C:\Windows\SysWOW64\net1.exeSection loaded: netutils.dll
                                Source: C:\Windows\SysWOW64\net1.exeSection loaded: dsrole.dll
                                Source: C:\Windows\SysWOW64\net1.exeSection loaded: srvcli.dll
                                Source: C:\Windows\SysWOW64\net1.exeSection loaded: wkscli.dll
                                Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dll
                                Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: riched20.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: usp10.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msls31.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: edputil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wintypes.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: appresolver.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: bcp47langs.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: slc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sppc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: edputil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wintypes.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: appresolver.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: bcp47langs.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: slc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sppc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wscapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wtsapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winsta.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: devobj.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: napinsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: pnrpnsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wshbth.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: nlaapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winrnr.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: version.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: sxs.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: vbscript.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: scrobj.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: cryptnet.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: iphlpapi.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: winnsi.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: mpr.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: scrrun.dll
                                Source: C:\Windows\System32\cscript.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wscapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wtsapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winsta.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: devobj.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: napinsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: pnrpnsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wshbth.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA NetworksJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgentJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exeJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.configJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\sharedJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.AppJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Numerics.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Serialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Core.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Configuration.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Intrinsics.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-rtlsupport-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\msquic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.Client.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-interlocked-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Sockets.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceModel.Web.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceProcess.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encodings.Web.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\WindowsBase.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-debug-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.AccessControl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.DriveInfo.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-localization-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Channels.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebProxy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Expressions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.MemoryMappedFiles.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-sysinfo-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processenvironment-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.AccessControl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-stdio-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.TypeConverter.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.Vectors.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.ILGeneration.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ObjectModel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Xml.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\dbgshim.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l2-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.HttpListener.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Formats.Asn1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Cng.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-timezone-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XDocument.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.Lightweight.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorlib.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebClient.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-string-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.XDocument.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordbi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Immutable.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NetworkInformation.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.UnmanagedMemoryStream.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TraceSource.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-environment-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-heap-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.IsolatedStorage.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-util-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-runtime-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Mail.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Ping.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Claims.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Console.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\createdump.exeJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.DataAnnotations.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.ZipFile.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Process.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.HttpUtility.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-memory-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-libraryloader-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.DiagnosticSource.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebHeaderCollection.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Dynamic.Runtime.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Requests.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-conio-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.Core.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\hostpolicy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Formatters.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.Local.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\.versionJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clrjit.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.ReaderWriter.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Dataflow.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Annotations.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clretwrc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Parallel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Memory.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-math-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.DiaSymReader.Native.amd64.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.NonGeneric.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tools.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.TypeExtensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-time-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.DataContractSerialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Handles.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Reader.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Native.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ValueTuple.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.runtimeconfig.jsonJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Metadata.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-datetime-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.CSharp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.ResourceManager.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlSerializer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.deps.jsonJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Csp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-private-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.OpenSsl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore_amd64_amd64_6.0.3524.45918.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.AccessControl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Quic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-namedpipe-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.StackTrace.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.Windows.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\ucrtbase.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Encoding.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Queryable.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Windows.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Overlapped.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.CodePages.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorrc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.DispatchProxy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.EventBasedAsync.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.Common.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.VisualC.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NameResolution.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.ThreadPool.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Thread.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Registry.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Contracts.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Specialized.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-convert-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.SecureString.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.AppContext.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-handle-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-process-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Writer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-string-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-fibers-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Buffers.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Security.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Brotli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.ServicePoint.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.DataSetExtensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.X509Certificates.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tracing.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Concurrent.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.FileVersionInfo.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Debug.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Timer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\coreclr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Loader.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-heap-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.RegularExpressions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Calendars.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Parallel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.Unsafe.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TextWriterTraceListener.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-profile-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.FileSystem.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-locale-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Uri.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Watcher.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlDocument.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-errorhandling-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.CoreLib.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Algorithms.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\hostJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxrJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\6.0.35Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\dotnet.exeJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\LICENSE.txtJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\ThirdPartyNotices.txtJump to behavior
                                Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}Jump to behavior
                                Source: gaYiWz75kv.msiStatic file information: File size 2994176 > 1048576
                                Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdbSHA256 source: AgentPackageMonitoring.exe, 0000002B.00000002.2657544480.000002ADA2E22000.00000002.00000001.01000000.00000020.sdmp
                                Source: Binary string: C:\Program Files (x86)\ATERA b.pdb7 source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000D.00000000.2136092382.00000235396D2000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: rmation.pdb source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000013.00000002.2389816421.00000238C26F2000.00000002.00000001.01000000.00000018.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2923848146.000001FADCD02000.00000002.00000001.01000000.00000037.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000000.2748557710.0000024FAAC22000.00000002.00000001.01000000.00000026.sdmp
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdbp+ source: AgentPackageMonitoring.exe, 0000002B.00000002.2661494817.000002ADA2FE2000.00000002.00000001.01000000.00000022.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\*.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmp
                                Source: Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdb source: AgentPackageMonitoring.exe, 00000022.00000002.2473619511.000001617D3F2000.00000002.00000001.01000000.0000001D.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentCommunication.Models\obj\Release\net45\Atera.AgentCommunication.Models.pdbSHA256G source: AgentPackageInternalPoller.exe, 0000003A.00000002.2905449409.000002386F8C2000.00000002.00000001.01000000.00000032.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdb\mvm hm_CorExeMainmscoree.dll source: AgentPackageTicketing.exe, 00000036.00000000.2762227421.000001C1BBA72000.00000002.00000001.01000000.00000028.sdmp
                                Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb8 source: AgentPackageProgramManagement.exe, 00000038.00000002.2923848146.000001FADCD02000.00000002.00000001.01000000.00000037.sdmp
                                Source: Binary string: Deserializebe9b72de-bd69-4837-9ca3-f44a00f3740ePackageMonitoring.pdb source: AgentPackageMonitoring.exe, 0000002F.00000002.3105681849.0000019368D1D000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\LiorKovarsky\Downloads\sharpsnmplib-11.3.0\sharpsnmplib-11.3.0\SharpSnmpLib\obj\Release\net45\win\SharpSnmpLib.pdbSHA256 source: AgentPackageInternalPoller.exe, 0000003A.00000002.2910721127.000002386FC92000.00000002.00000001.01000000.00000035.sdmp
                                Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDBPv source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000D.00000000.2136092382.00000235396D2000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbt source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageInternalPoller\AgentPackageInternalPoller\obj\Release\AgentPackageInternalPoller.pdb source: AgentPackageInternalPoller.exe, 0000003A.00000000.2793424325.000002386E7B2000.00000002.00000001.01000000.0000002A.sdmp
                                Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000E.00000002.2750525974.000001CCA0E02000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000E.00000002.2750525974.000001CCA0E02000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664866309.000002ADA3132000.00000002.00000001.01000000.00000024.sdmp
                                Source: Binary string: L\AgentPackagn\AgentPackageAgelease\Agentrmation.pdb source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\code\dapper-dot-net\Dapper\bin\Release\net45\Dapper.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2661015610.000002ADA2FA2000.00000002.00000001.01000000.00000021.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageProgramManagement\AgentPackageProgramManagement\obj\Release\AgentPackageProgramManagement.pdb source: AgentPackageProgramManagement.exe, 00000038.00000000.2780901484.000001FADC892000.00000002.00000001.01000000.00000029.sdmp
                                Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageProgramManagement\ThirdPartyPackageManager\obj\Release\ThirdPartyPackageManager.pdb source: AgentPackageProgramManagement.exe, 00000038.00000002.2922710080.000001FADCBE2000.00000002.00000001.01000000.00000036.sdmp
                                Source: Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2657544480.000002ADA2E22000.00000002.00000001.01000000.00000020.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AgentPackageAgentInformation.exe, 00000013.00000000.2360050618.00000238C2272000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2390522823.00000238DB462000.00000002.00000001.01000000.00000019.sdmp
                                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdblob.stor source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ]c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmp
                                Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256~ source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2390522823.00000238DB462000.00000002.00000001.01000000.00000019.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664866309.000002ADA3132000.00000002.00000001.01000000.00000024.sdmp
                                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3214008555.0000024FC3CA2000.00000002.00000001.01000000.00000044.sdmp
                                Source: Binary string: \??\C:\Windows\dll\System.pdbc.exe source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dllt.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdbiiiGCTL source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3214008555.0000024FC3CA2000.00000002.00000001.01000000.00000044.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdb source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\LiorKovarsky\Downloads\sharpsnmplib-11.3.0\sharpsnmplib-11.3.0\SharpSnmpLib\obj\Release\net45\win\SharpSnmpLib.pdb source: AgentPackageInternalPoller.exe, 0000003A.00000002.2910721127.000002386FC92000.00000002.00000001.01000000.00000035.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbdeAgent.pdbO source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmp
                                Source: Binary string: C:\buildAgent\work\1b72bc6dac87fa71\code_drop\merge\chocolatey.pdb source: AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmp
                                Source: Binary string: em.pdb source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA09B8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller\obj\Release\AgentPackageRuntimeInstaller.pdb source: AteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdbSHA256`{f source: AgentPackageMonitoring.exe, 00000022.00000002.2473619511.000001617D3F2000.00000002.00000001.01000000.0000001D.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000013.00000002.2389816421.00000238C26F2000.00000002.00000001.01000000.00000018.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageProgramManagement\ThirdPartyPackageManager\obj\Release\ThirdPartyPackageManager.pdbm source: AgentPackageProgramManagement.exe, 00000038.00000002.2922710080.000001FADCBE2000.00000002.00000001.01000000.00000036.sdmp
                                Source: Binary string: Agent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: PC:\Windows\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: pC:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3DFA000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\dll\System.pdb source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2012\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2693765678.00007FF89F7AA000.00000002.00000001.01000000.0000001E.sdmp
                                Source: Binary string: Syem.pdb source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3096158574.000001D428BC7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000D.00000002.2183039602.0000023553D12000.00000002.00000001.01000000.00000011.sdmp
                                Source: Binary string: C:\Windows\AgentPackageUpgradeAgent.pdbpdbent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000D.00000002.2183039602.0000023553D12000.00000002.00000001.01000000.00000011.sdmp
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdb source: AgentPackageMonitoring.exe, 0000002B.00000002.2661494817.000002ADA2FE2000.00000002.00000001.01000000.00000022.sdmp
                                Source: Binary string: D:\a\1\s\Atera.AgentCommunication.Models\obj\Release\net45\Atera.AgentCommunication.Models.pdb source: AgentPackageInternalPoller.exe, 0000003A.00000002.2905449409.000002386F8C2000.00000002.00000001.01000000.00000032.sdmp
                                Source: Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdb source: AgentPackageTicketing.exe, 00000036.00000000.2762227421.000001C1BBA72000.00000002.00000001.01000000.00000028.sdmp
                                Source: Binary string: C:\Windows\System.pdbpdbtem.pdbD source: AgentPackageUpgradeAgent.exe, 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp
                                Source: System.Buffers.dll.1.drStatic PE information: 0xA8DE6DF9 [Sun Oct 12 01:57:13 2059 UTC]
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F661910 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,43_2_00007FF89F661910
                                Source: coreclr.dll.1.drStatic PE information: section name: .CLR_UEF
                                Source: coreclr.dll.1.drStatic PE information: section name: .didat
                                Source: coreclr.dll.1.drStatic PE information: section name: Section
                                Source: coreclr.dll.1.drStatic PE information: section name: _RDATA
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FF848A809F8 push ecx; retn F8A7h13_2_00007FF848A80A0C
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FF848A800BD pushad ; iretd 13_2_00007FF848A800C1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848A900BD pushad ; iretd 14_2_00007FF848A900C1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CA5BD8 push eax; ret 14_2_00007FF848CA5C34
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CB63AB push ecx; retf 14_2_00007FF848CB63AC
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CB608C push ecx; retf 14_2_00007FF848CB608D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 14_2_00007FF848CA0871 push eax; ret 14_2_00007FF848CA0894
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848AA5587 push ebp; iretd 19_2_00007FF848AA55D8
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 19_2_00007FF848A900BD pushad ; iretd 19_2_00007FF848A900C1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 21_2_00007FF848A800BD pushad ; iretd 21_2_00007FF848A800C1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848A925D3 push eax; iretd 23_2_00007FF848A926A1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848A97548 push ebx; iretd 23_2_00007FF848A9756A
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848A8A6D1 push eax; retf 23_2_00007FF848A8A671
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848A8A660 push eax; retf 23_2_00007FF848A8A671
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848A800BD pushad ; iretd 23_2_00007FF848A800C1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C9B9F4 push esi; ret 23_2_00007FF848C9B9F5
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C91EB1 push eax; ret 23_2_00007FF848C91ED4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C9D60D push ebx; ret 23_2_00007FF848C9DFFA
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C9DFA7 push ebx; ret 23_2_00007FF848C9DFFA
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 23_2_00007FF848C9AB6C push eax; ret 23_2_00007FF848C9AB84
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A9D2C5 pushad ; iretd 26_2_00007FF848AAAA45
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A9792B push ebx; retf 26_2_00007FF848A9796A
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A82D95 push eax; ret 26_2_00007FF848A82E1D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A9FFB8 push FFFFFFE8h; retf 26_2_00007FF848A9FFF1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A9FEFA push FFFFFFE8h; retf 26_2_00007FF848A9FFF1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A800BD pushad ; iretd 26_2_00007FF848A800C1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A98163 push ebx; ret 26_2_00007FF848A9816A
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 26_2_00007FF848A8F650 push eax; iretd 26_2_00007FF848A8F65D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848AA52FA push edx; iretd 31_2_00007FF848AA6E3B
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848AA699C push eax; ret 31_2_00007FF848AA699D
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeCode function: 31_2_00007FF848A97963 push ebx; retf 31_2_00007FF848A9796A
                                Source: System.Net.Security.dll.1.drStatic PE information: section name: .text entropy: 6.8652076749117015
                                Source: System.Collections.Concurrent.dll.1.drStatic PE information: section name: .text entropy: 6.841320952903052
                                Source: System.Linq.Parallel.dll.1.drStatic PE information: section name: .text entropy: 6.834635553555016

                                Persistence and Installation Behavior

                                barindex
                                Creates files in the system32 config directory
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageMonitoring.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageProgramManagement.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageInternalPoller.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageUpgradeAgent.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSystemTools.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageOsUpdates.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.CommonLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.HttpListener.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Contracts.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Dynamic.Runtime.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6D01.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Debug.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NetworkInformation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.UserSecrets.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Encoding.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21D4.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Contracts.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Queryable.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.OpenSsl.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Concurrent.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.Extensions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.CSharp.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.CodePages.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.Client.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: 3f5125.rbf (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Pipes.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.FileExtensions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.DataSetExtensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.Client.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Dataflow.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: 3f5127.rbf (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Infrastructure.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TraceSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.Windows.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Csp.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ObjectModel.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI152C.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.EventLog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Sockets.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Core.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1337.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.ConfigurationExtensions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.ILGeneration.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.ServiceProcess.ServiceController.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Formatters.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.Vectors.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Console.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Ping.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Process.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Numerics.Vectors.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Parallel.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Timer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI71D6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileSystemGlobbing.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventLog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlDocument.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Security.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\dotnet.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Brotli.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8EF3.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC3C8.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.NonGeneric.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.DataAnnotations.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XDocument.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Http.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Queryable.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebClient.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1057.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\hostpolicy.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.Utils.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Security.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Immutable.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEBF.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.StackTrace.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Abstractions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA9F1.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.TypeExtensions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encodings.Web.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\it\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.AppContext.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.Exceptions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Sinks.File.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\WindowsBase.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Handles.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\pl\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Extensions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.Exceptions.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\StructureMap.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Tools.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Handles.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlSerializer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Process.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\browser\lib\net6.0\System.Text.Encodings.Web.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: 3f5128.rbf (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NetworkInformation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\createdump.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\NLog.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.Messages.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Linq.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Writer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.MemoryMappedFiles.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Numerics.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Parallel.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Console.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NameResolution.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Metadata.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI735E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.Core.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.CommandLine.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Http.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: 3f5124.rbf (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Writer.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Calendars.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebHeaderCollection.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NameResolution.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.Abstractions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.AccessControl.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDBE6.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.ModelsV3.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Claims.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Thread.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Hosting.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Memory.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.ZipFile.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Requests.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Channels.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.IsolatedStorage.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC28D.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Console.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\CredentialManagement.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Loader.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\ICSharpCode.SharpZipLib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.Local.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\IdleTimeFinder.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8A01.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Memory.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Formats.Asn1.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\fr\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Specialized.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI238C.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Registry.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Polly.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Quic.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Debug.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tracing.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Annotations.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Encodings.Web.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clrjit.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Ping.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Intrinsics.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Serialization.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7273.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore_amd64_amd64_6.0.3524.45918.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\de\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.DispatchProxy.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2786.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.X509Certificates.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Dynamic.Runtime.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\RunScriptAsUser.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Watcher.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.ServiceProcess.ServiceController.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x86\SQLite.Interop.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\NLog.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Native.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tracing.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\coreclr.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.EnvironmentVariables.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB0C.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Memory.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clretwrc.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Watcher.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.Linq.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ObjectModel.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceModel.Web.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC369.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\ru\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.FileVersionInfo.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: 3f5126.rbf (copy)Jump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9C62.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.StackTrace.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Xml.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.NonGeneric.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\CliWrap.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.CoreLib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1D6C.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.AccessControl.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.UnmanagedMemoryStream.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Binder.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI591B.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8958.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Parallel.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.SecureString.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordbi.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Debug.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Drawing.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Windows.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.UnmanagedMemoryStream.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebProxy.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.DataContractSerialization.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.RegularExpressions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\StructureMap.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceProcess.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1C04.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIAA9E.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Reader.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Uri.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Configuration.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.ThreadPool.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\NLog.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\ucrtbase.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ValueTuple.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\dbgshim.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Algorithms.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: 3f5122.rbf (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Physical.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Reader.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.EventBasedAsync.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorlib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.ResourceManager.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Overlapped.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.ResourceManager.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Memory.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.TypeConverter.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.EventBasedAsync.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-CN\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.HttpUtility.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Polly.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Concurrent.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.ValueTuple.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Memory.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.TypeConverter.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.FileSystem.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Logging.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Configuration.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI52D0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Expressions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F82.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\es\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.Utils.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.AccessControl.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.ReaderWriter.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Expressions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.XDocument.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Specialized.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Mail.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI26AA.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\msquic.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Calendars.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Memory.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Cng.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Requests.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.ServicePoint.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorrc.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.Lightweight.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA770.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Sockets.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Data.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebHeaderCollection.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.FileVersionInfo.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI71D6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1C04.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI26AA.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIAA9E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8958.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI735E.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEBF.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8EF3.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1D6C.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC28D.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI52D0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC3C8.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1337.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F82.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB0C.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA9F1.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeFile created: C:\Windows\Temp\SplashtopStreamer.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA770.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6D01.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8A01.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7273.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC369.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI238C.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21D4.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2786.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1057.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI591B.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI152C.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI52D0.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI8958.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6D01.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI591B.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDBE6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9C62.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\InstallUtil.InstallLog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\LICENSE.txtJump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\LICENSE.txt
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7zip.license.txt
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.license.txt
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.license.txt

                                Boot Survival

                                barindex
                                Installs Task Scheduler Managed Wrapper
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65A524 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,43_2_00007FF89F65A524
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                barindex
                                Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
                                Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                                Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWMI Queries: IWbemServices::ExecQuery - root\WMI : SELECT * FROM MSSMBios_RawSMBiosTables
                                Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
                                Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : associators of {\\user-PC\root\CIMV2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : associators of {\\user-PC\root\CIMV2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : associators of {\\user-PC\root\CIMV2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
                                Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 23539A20000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 23553550000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 1CC87C30000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 1CC9FD70000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 238C2690000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 238DABE0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 231E8230000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 231E87D0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 22F5C9D0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 22F74FD0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 27C319F0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 27C49F10000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeMemory allocated: 15FBFEF0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeMemory allocated: 15FD8420000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeMemory allocated: 1617CF10000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeMemory allocated: 1617D460000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 25EB2800000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 25ECA990000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeMemory allocated: 2AD8A450000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeMemory allocated: 2ADA2560000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 1D187630000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 1D19FC70000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeMemory allocated: 1934EE10000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeMemory allocated: 19367500000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeMemory allocated: 24FAB040000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeMemory allocated: 24FC3580000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeMemory allocated: 1C1BBE70000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeMemory allocated: 1C1D4500000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeMemory allocated: 1FADCBC0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeMemory allocated: 1FAF5230000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeMemory allocated: 2386EB10000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeMemory allocated: 2386F1E0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeMemory allocated: 1D428AA0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeMemory allocated: 1D4412A0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeMemory allocated: 2A7087B0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeMemory allocated: 2A721070000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeMemory allocated: 1F198800000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeMemory allocated: 1F1B0E00000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599891
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599780
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599671
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599562
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599453
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599341
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599233
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599125
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599016
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598891
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598766
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598656
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598547
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598437
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598328
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598219
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598094
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597976
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597860
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597735
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597610
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597485
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597360
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597235
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597110
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596985
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596860
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596735
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596594
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596484
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596375
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596266
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596016
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595906
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595794
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595688
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595563
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599844
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599730
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599547
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599344
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599187
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599062
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598952
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598829
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598703
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598590
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598479
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598365
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598240
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598083
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597937
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597500
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597354
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597248
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597128
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596890
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596781
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596670
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596555
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596424
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596297
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596184
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596062
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595950
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595781
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595672
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595562
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595440
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595326
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595214
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595024
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594778
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594594
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594468
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594359
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594249
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594140
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594031
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593921
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593812
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593686
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593561
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593437
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593328
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593218
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593094
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592962
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592844
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592731
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592624
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592500
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592386
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592280
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592158
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592042
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591922
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591812
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591700
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591578
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591469
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591356
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599878
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599750
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599640
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599525
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599422
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599297
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599169
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599059
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598952
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598843
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598732
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598624
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598499
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598390
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598281
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598169
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598062
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597950
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597810
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597702
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597483
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597375
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597265
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597031
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596921
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596807
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596687
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596577
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596462
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596359
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596250
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596140
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596030
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595921
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595808
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595702
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595481
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595375
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599382
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599229
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599109
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598781
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598441
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598309
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598140
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597968
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597797
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597612
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597453
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597250
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597117
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596933
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596809
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596690
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596533
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596375
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595875
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595613
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595406
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595260
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595124
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594994
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594853
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594734
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594613
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594432
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594294
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594185
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594053
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593937
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593765
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593562
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593039
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592916
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592795
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592664
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592456
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592328
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592216
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592087
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591938
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591823
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591706
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591578
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591464
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591343
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591224
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591097
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590937
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590812
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590661
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590531
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590415
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590311
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590195
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590047
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589927
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589806
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589698
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589482
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589360
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589234
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589121
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589003
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588872
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588740
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588452
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588318
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588203
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588040
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587922
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587797
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587682
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587577
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587468
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587359
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587236
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587109
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586996
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586889
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586781
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586671
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586562
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586453
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586343
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586229
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586124
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 7200000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 7199750
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 7199605
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWindow / User API: threadDelayed 6349
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWindow / User API: threadDelayed 3328
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWindow / User API: threadDelayed 8430
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWindow / User API: threadDelayed 999
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWindow / User API: threadDelayed 6168
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWindow / User API: threadDelayed 3686
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeWindow / User API: threadDelayed 9344
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeWindow / User API: threadDelayed 411
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWindow / User API: threadDelayed 8076
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWindow / User API: threadDelayed 1787
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWindow / User API: threadDelayed 4139
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWindow / User API: threadDelayed 1843
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWindow / User API: threadDelayed 1550
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeWindow / User API: threadDelayed 2514
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeWindow / User API: threadDelayed 7215
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeWindow / User API: threadDelayed 2190
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeWindow / User API: threadDelayed 517
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeWindow / User API: threadDelayed 3265
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.CommonLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CredentialManagement.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.HttpListener.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Contracts.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Dynamic.Runtime.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.Exceptions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.X509Certificates.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI6D01.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Debug.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NetworkInformation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.UserSecrets.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Encoding.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Data.SQLite.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI21D4.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Contracts.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Queryable.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Concurrent.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.OpenSsl.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Thread.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.CSharp.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.CodePages.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\ICSharpCode.SharpZipLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Csp.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.Client.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.ThreadPool.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3f5125.rbf (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Pipes.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.FileExtensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Pubnub.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.DataSetExtensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.Client.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Formatters.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Dataflow.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3f5127.rbf (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Infrastructure.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TraceSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.Windows.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Csp.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ObjectModel.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI152C.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.EventLog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Sockets.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Algorithms.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Core.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Claims.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.ConfigurationExtensions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1337.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.ILGeneration.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.ServiceProcess.ServiceController.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Formatters.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.Vectors.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Console.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Ping.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Process.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Numerics.Vectors.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Parallel.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI52D0.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Timer.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.ValueTuple.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI71D6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileSystemGlobbing.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventLog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingNotifications.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlDocument.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Security.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\dotnet.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8EF3.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Brotli.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC3C8.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.NonGeneric.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTray.exe (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.DataAnnotations.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XDocument.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XDocument.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Http.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Queryable.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebClient.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1057.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\hostpolicy.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.Utils.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\System.ValueTuple.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Security.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Immutable.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Memory.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.StackTrace.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIEBF.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.RegularExpressions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Abstractions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA9F1.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.TypeExtensions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encodings.Web.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\it\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.AppContext.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.Exceptions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Sinks.File.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\WindowsBase.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Handles.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\pl\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlDocument.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.Exceptions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI591B.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Buffers.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\StructureMap.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Tools.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Handles.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Process.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlSerializer.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\browser\lib\net6.0\System.Text.Encodings.Web.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\StructureMap.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Numerics.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI52D0.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3f5128.rbf (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI591B.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\t2tWinFormAppBarLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NetworkInformation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7z.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\createdump.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\NLog.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.Messages.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Linq.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Writer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.MemoryMappedFiles.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Numerics.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Parallel.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Console.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NameResolution.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI735E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Metadata.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Memory.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.Core.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.CommandLine.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Http.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cup.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3f5124.rbf (copy)Jump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Writer.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Calendars.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebHeaderCollection.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NameResolution.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.Abstractions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\QRCoder.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.AccessControl.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8958.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIDBE6.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.ModelsV3.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Claims.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Thread.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI591B.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Hosting.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Memory.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.ZipFile.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI52D0.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Requests.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC28D.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Channels.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.IsolatedStorage.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Console.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\CredentialManagement.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Loader.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\ICSharpCode.SharpZipLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.SecureString.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.Local.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\IdleTimeFinder.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8A01.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Memory.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\fr\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Formats.Asn1.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Specialized.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\ICSharpCode.SharpZipLib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI238C.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Registry.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Polly.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\clist.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Debug.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Quic.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tracing.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Annotations.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI6D01.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Xml.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Encodings.Web.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clrjit.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CommunityToolkit.WinUI.Notifications.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlSerializer.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Ping.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Intrinsics.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Serialization.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI7273.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore_amd64_amd64_6.0.3524.45918.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.ValueTuple.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\de\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cuninst.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.DispatchProxy.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2786.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7z.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\CredentialManagement.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.X509Certificates.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Dynamic.Runtime.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\RunScriptAsUser.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\System.Management.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Watcher.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI52D0.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.ServiceProcess.ServiceController.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\NLog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x86\SQLite.Interop.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Native.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tracing.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x86\SQLite.Interop.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\coreclr.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.EnvironmentVariables.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICB0C.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8958.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Memory.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clretwrc.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Watcher.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.Linq.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ObjectModel.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceModel.Web.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\ru\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC369.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8958.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.FileVersionInfo.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3f5126.rbf (copy)Jump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9C62.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.StackTrace.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Xml.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.NonGeneric.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Overlapped.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\CliWrap.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.CoreLib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1D6C.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.AccessControl.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.UnmanagedMemoryStream.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Binder.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI591B.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI591B.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8958.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Parallel.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.XDocument.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.SecureString.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordbi.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\choco.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Debug.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Drawing.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Windows.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Timer.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeDropped PE file which has not been started: C:\Windows\Temp\SplashtopStreamer.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.UnmanagedMemoryStream.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebProxy.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.DataContractSerialization.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.RegularExpressions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\StructureMap.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceProcess.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI6D01.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\chocolatey.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1C04.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIAA9E.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.Parallel.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ValueTuple.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Reader.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Uri.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Configuration.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\NLog.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.ThreadPool.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ValueTuple.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\dbgshim.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Algorithms.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\BouncyCastle.Crypto.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Physical.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Reader.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.EventBasedAsync.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorlib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.ResourceManager.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Buffers.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeRegistry key enumerated: More than 189 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                Source: C:\Windows\SysWOW64\rundll32.exe TID: 6460Thread sleep time: -30000s >= -30000sJump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6488Thread sleep time: -60000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 1732Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5796Thread sleep count: 6349 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5796Thread sleep count: 3328 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7100Thread sleep count: 33 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7100Thread sleep time: -30437127721620741s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7100Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 412Thread sleep time: -80000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 1512Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6640Thread sleep time: -180000s >= -30000s
                                Source: C:\Windows\SysWOW64\rundll32.exe TID: 6192Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6020Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 984Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4568Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7148Thread sleep count: 8430 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7148Thread sleep count: 999 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2228Thread sleep count: 37 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2228Thread sleep time: -34126476536362649s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2228Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4956Thread sleep time: -130000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5508Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5612Thread sleep time: -90000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4672Thread sleep count: 6168 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3784Thread sleep count: 3686 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -27670116110564310s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -600000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -599891s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -599780s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -599671s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -599562s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -599453s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -599341s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -599233s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -599125s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -599016s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -598891s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -598766s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -598656s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -598547s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -598437s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -598328s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -598219s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -598094s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -597976s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -597860s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -597735s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -597610s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -597485s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -597360s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -597235s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -597110s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -596985s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -596860s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -596735s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -596594s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -596484s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -596375s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -596266s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -596141s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -596016s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -595906s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -595794s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -595688s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5572Thread sleep time: -595563s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep count: 41 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -37815825351104557s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -600000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4568Thread sleep count: 9344 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -599844s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -599730s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -599547s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -599344s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -599187s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -599062s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -598952s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -598829s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -598703s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -598590s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -598479s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -598365s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -598240s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -598083s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -597937s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -597500s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -597354s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -597248s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -597128s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -597000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -596890s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -596781s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -596670s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -596555s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -596424s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -596297s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -596184s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -596062s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -595950s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -595781s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -595672s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -595562s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -595440s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -595326s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -595214s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -595024s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -594778s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -594594s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -594468s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -594359s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -594249s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -594140s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -594031s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -593921s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -593812s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -593686s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -593561s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -593437s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -593328s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -593218s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -593094s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -592962s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -592844s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -592731s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -592624s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -592500s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -592386s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -592280s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -592158s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -592042s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -591922s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -591812s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -591700s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -591578s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 4568Thread sleep count: 411 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -591469s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2800Thread sleep time: -591356s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2472Thread sleep count: 8076 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep count: 31 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -28592453314249787s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -600000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -599878s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -599750s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6772Thread sleep count: 1787 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -599640s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -599525s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -599422s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -599297s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -599169s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -599059s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -598952s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -598843s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -598732s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -598624s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -598499s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -598390s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -598281s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -598169s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -598062s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -597950s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -597810s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -597702s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -597593s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -597483s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -597375s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -597265s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -597141s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -597031s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -596921s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -596807s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -596687s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -596577s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -596462s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -596359s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -596250s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -596140s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -596030s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -595921s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -595808s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -595702s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -595593s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -595481s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5384Thread sleep time: -595375s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6788Thread sleep count: 4139 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6788Thread sleep count: 1843 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 3848Thread sleep time: -16602069666338586s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 3848Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 1788Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 3396Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5648Thread sleep count: 1550 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6000Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2556Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 3948Thread sleep count: 2514 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6480Thread sleep time: -3689348814741908s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6480Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 2812Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6692Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 5512Thread sleep time: -60000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 6592Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 1488Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 1340Thread sleep count: 7215 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep count: 34 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -31359464925306218s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -600000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -599382s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -599229s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -599109s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -598781s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -598593s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -598441s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -598309s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -598140s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -597968s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -597797s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -597612s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -597453s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -597250s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -597117s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -596933s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -596809s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -596690s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -596533s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -596375s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -595875s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -595613s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -595406s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -595260s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -595124s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -594994s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -594853s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -594734s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -594613s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -594432s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -594294s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -594185s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -594053s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -593937s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -593765s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -593562s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -593039s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -592916s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -592795s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -592664s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -592456s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -592328s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -592216s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -592087s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -591938s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -591823s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -591706s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -591578s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -591464s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -591343s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -591224s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 1340Thread sleep count: 2190 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -591097s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -590937s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -590812s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -590661s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -590531s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -590415s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -590311s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -590195s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -590047s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -589927s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -589806s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -589698s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -589593s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -589482s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -589360s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -589234s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -589121s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -589003s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -588872s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -588740s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -588593s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -588452s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -588318s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -588203s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -588040s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -587922s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -587797s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -587682s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -587577s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -587468s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -587359s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -587236s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -587109s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -586996s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -586889s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -586781s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -586671s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -586562s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -586453s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -586343s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -586229s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 2652Thread sleep time: -586124s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 7144Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 408Thread sleep count: 517 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 3712Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 432Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe TID: 7156Thread sleep count: 149 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe TID: 4296Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe TID: 4672Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 6120Thread sleep time: -60000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 5608Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe TID: 3732Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe TID: 3732Thread sleep time: -7200000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe TID: 3732Thread sleep time: -7199750s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe TID: 3732Thread sleep time: -7199605s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe TID: 5968Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe TID: 6412Thread sleep count: 3265 > 30
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe TID: 980Thread sleep time: -5534023222112862s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe TID: 2356Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe TID: 5436Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeFile opened: PhysicalDrive0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 30000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 90000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 30000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 90000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599891
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599780
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599671
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599562
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599453
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599341
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599233
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599125
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599016
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598891
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598766
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598656
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598547
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598437
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598328
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598219
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598094
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597976
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597860
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597735
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597610
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597485
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597360
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597235
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597110
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596985
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596860
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596735
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596594
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596484
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596375
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596266
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596016
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595906
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595794
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595688
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595563
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599844
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599730
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599547
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599344
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599187
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599062
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598952
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598829
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598703
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598590
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598479
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598365
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598240
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 598083
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597937
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597500
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597354
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597248
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597128
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 597000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596890
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596781
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596670
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596555
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596424
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596297
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596184
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 596062
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595950
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595781
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595672
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595562
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595440
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595326
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595214
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 595024
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594778
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594594
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594468
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594359
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594249
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594140
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 594031
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593921
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593812
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593686
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593561
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593437
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593328
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593218
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 593094
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592962
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592844
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592731
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592624
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592500
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592386
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592280
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592158
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 592042
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591922
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591812
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591700
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591578
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591469
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 591356
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599878
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599750
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599640
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599525
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599422
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599297
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599169
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599059
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598952
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598843
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598732
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598624
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598499
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598390
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598281
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598169
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598062
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597950
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597810
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597702
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597483
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597375
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597265
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597031
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596921
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596807
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596687
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596577
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596462
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596359
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596250
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596140
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596030
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595921
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595808
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595702
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595481
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595375
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 30000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 30000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599382
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599229
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 599109
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598781
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598441
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598309
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 598140
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597968
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597797
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597612
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597453
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597250
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 597117
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596933
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596809
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596690
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596533
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 596375
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595875
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595613
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595406
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595260
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 595124
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594994
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594853
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594734
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594613
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594432
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594294
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594185
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 594053
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593937
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593765
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593562
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 593039
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592916
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592795
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592664
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592456
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592328
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592216
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 592087
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591938
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591823
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591706
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591578
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591464
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591343
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591224
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 591097
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590937
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590812
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590661
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590531
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590415
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590311
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590195
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 590047
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589927
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589806
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589698
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589482
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589360
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589234
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589121
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 589003
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588872
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588740
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588593
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588452
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588318
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588203
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 588040
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587922
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587797
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587682
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587577
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587468
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587359
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587236
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 587109
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586996
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586889
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586781
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586671
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586562
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586453
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586343
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586229
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeThread delayed: delay time: 586124
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 7200000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 7199750
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 7199605
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-CheckSumValid.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Format-FileSize.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariableNames.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariable.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyUnzip.ps1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeFile opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyWebFile.ps1
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service0
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.3108547048.000001D1A06CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                                Source: AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A4C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWw
                                Source: svchost.exe, 0000002A.00000002.3351409144.0000023EE66B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @SetPropValue.FriendlyName("VMware Virtual disk");
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2649064091.0000027C31707000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2666249386.0000025ECB280000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.3076587822.000001D1A0490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
                                Source: AgentPackageInternalPoller.exe, 0000003A.00000002.2905892729.000002386FA20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^^|C
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2668839548.0000027C4A7E2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2669378532.0000025ECB339000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceSynchronizes the system time of this virtual machine with the system time of the physical computer.Hyper-V Time Synchronization ServicevmictimesyncStopped
                                Source: AgentPackageAgentInformation.exe, 00000024.00000002.2668882183.0000025ECB309000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_Service.Name="vmicvss"
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2665406123.0000027C4A753000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicshutdownvmicshutdownStoppedBB+nc
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C95000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0499000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.3105681849.0000019368D1D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: svchost.exe, 0000002A.00000002.3348457898.0000023EE6650000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.VMware20,1NoneVMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2953858003.000001D1873B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.HV Host ServiceHvHostStopped?W
                                Source: AgentPackageProgramManagement.exe, 00000038.00000000.2780901484.000001FADC892000.00000002.00000001.01000000.00000029.sdmpBinary or memory string: VMware Tools)Cisco Webex Meetings
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2670395326.0000027C4A96E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(
                                Source: AgentPackageAgentInformation.exe, 00000024.00000002.2670894289.0000025ECB3B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll!!9M
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2649064091.0000027C31680000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2649907445.0000025EB21F4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2953858003.000001D1873B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.3108547048.000001D1A06CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk
                                Source: svchost.exe, 0000002A.00000002.3348293198.0000023EE6613000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN
                                Source: AteraAgent.exe, 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%\System32\ci.dll,-101
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: |Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
                                Source: AgentPackageSTRemote.exe, 0000001F.00000002.3375067155.0000015FD8E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlluu
                                Source: AgentPackageAgentInformation.exe, 00000013.00000000.2360050618.00000238C2272000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Hyper-V PowerShell Direct Service0
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2649064091.0000027C31707000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStopped[(Mm
                                Source: AgentPackageAgentInformation.exe, 00000024.00000002.2666754929.0000025ECB2AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicshutdownvmicshutdownStopped
                                Source: svchost.exe, 0000002A.00000002.3349405354.0000023EE66A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C292B65879FF477A6AF604113F58
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.3126006908.000001D1A075A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ware Virtual diskVMwareVirtual disk6000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 :
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
                                Source: AgentPackageAgentInformation.exe, 00000024.00000002.2666754929.0000025ECB2AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicheartbeatvmicheartbeatStopped
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                                Source: svchost.exe, 0000002A.00000002.3348457898.0000023EE6650000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JSetPropValue.Manufacturer("VMware");
                                Source: AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: IsVirtualMachine
                                Source: AteraAgent.exe, 00000017.00000002.3280065409.0000022F75934000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Hyper-V Time Synchronization Service
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.3076587822.000001D1A0490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicvss
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface0
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIES1371
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Hyper-V Volume Shadow Copy Requestor0
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2666495512.0000027C4A77C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicvssvmicvssStopped1
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2649064091.0000027C31707000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2666249386.0000025ECB280000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.3076587822.000001D1A0490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2668839548.0000027C4A7E2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2669143418.0000025ECB31C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
                                Source: svchost.exe, 0000002A.00000002.3351409144.0000023EE66B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @friendlyname"vmware virtual disk"lse
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2668839548.0000027C4A7E2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2669143418.0000025ECB31C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -Hyper-V Remote Desktop Virtualization Service
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.3086812346.000001D1A0546000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
                                Source: svchost.exe, 0000002A.00000002.3348457898.0000023EE6650000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dSetPropValue.FriendlyName("VMware Virtual disk");
                                Source: svchost.exe, 0000002A.00000002.3348347921.0000023EE662B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.VMware20,1NoneVMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93sH
                                Source: AgentPackageProgramManagement.exe, 00000038.00000002.3013835936.000001FAF5B38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -Hyper-V Remote Desktop Virtualization Service0
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.3098310849.0000019368CC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
                                Source: rundll32.exe, 00000011.00000002.2235717169.00000000030E3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2234567321.00000000030E3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllN
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.3086812346.000001D1A0546000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicshutdown#
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.3076587822.000001D1A0490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicvssvmicvssStopped
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: "Win32_Service.Name="vmicheartbeat"p^
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2668839548.0000027C4A7E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicshutdown%
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2668839548.0000027C4A7E2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2669378532.0000025ECB339000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service0
                                Source: svchost.exe, 0000002A.00000002.3349405354.0000023EE66A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?XSCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                                Source: AgentPackageAgentInformation.exe, 00000024.00000002.2669143418.0000025ECB31C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.Hyper-V Guest Service InterfacevmicguestinterfaceStopped?&h
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,12
                                Source: svchost.exe, 0000002A.00000002.3349405354.0000023EE66A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk6000C292B65879FF477A6AF604113F580VMwareVirtual disk6000c292b65879ff477a6af604113f582.0
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2668839548.0000027C4A7E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.Hyper-V Guest Service InterfacevmicguestinterfaceStopped
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.3098310849.0000019368CC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.V<
                                Source: rundll32.exe, 00000005.00000002.2110326469.0000000002706000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2390728030.00000238DB57C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2658023197.000002ADA2E8B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.3104273063.000001D1A0694000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3226195005.0000024FC3DFA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93VMware20,1
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2649064091.0000027C31680000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2649907445.0000025EB21F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.HV Host ServiceHvHostStopped
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2649064091.0000027C31707000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2666249386.0000025ECB280000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.3076587822.000001D1A0490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a platform for communication between the virtual machine and the operating system running on the physical computer.Hyper-V Remote Desktop Virtualization ServicevmicrdvStopped
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2668839548.0000027C4A7E2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2669378532.0000025ECB339000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.Hyper-V PowerShell Direct ServicevmicvmsessionStopped
                                Source: AteraAgent.exe, 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.2473335325.000001617D3C2000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: get_IsVirtualMachine
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Win32_Service.Name="vmicvss"p^
                                Source: AgentPackageAgentInformation.exe, 0000001A.00000002.2668839548.0000027C4A7E2000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2669378532.0000025ECB339000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Win32_Service.Name="vmicshutdown"p^
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Hyper-V Time Synchronization Service0
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
                                Source: AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 6VMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.3108547048.000001D1A06CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MSFT_PhysicalDisk{1}\\user-PC\root/Microsoft/Windows/Storage/Providers_v2\SPACES_PhysicalDisk.ObjectId="{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{baefc400-1cb2-6d19-d2b5-4ac4ae014b83}"6000C292B65879FF477A6AF604113F58VMware Virtual diskVMwareVirtual disk6000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
                                Source: svchost.exe, 0000002A.00000002.3351409144.0000023EE66B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @SetPropValue.Manufacturer("VMware");
                                Source: AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service0
                                Source: svchost.exe, 0000002A.00000003.2596707612.0000023EE6B44000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SPACES_PhysicalDisk{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{baefc400-1cb2-6d19-d2b5-4ac4ae014b83}6000C292B65879FF477A6AF604113F58VMware Virtual diskVMwareVirtual disk6000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
                                Source: svchost.exe, 0000002A.00000002.3349405354.0000023EE66A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c292b65879ff477a6af604113f58PCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
                                Source: AgentPackageAgentInformation.exe, 00000024.00000002.2666249386.0000025ECB280000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.3076587822.000001D1A0490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStopped
                                Source: AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Hyper-V PowerShell Direct Service
                                Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
                                Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
                                Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
                                Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
                                Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F655E14 IsDebuggerPresent,__crtUnhandledException,GetCurrentProcess,TerminateProcess,43_2_00007FF89F655E14
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F661910 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,43_2_00007FF89F661910
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F661910 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,43_2_00007FF89F661910
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F657A84 GetProcessHeap,43_2_00007FF89F657A84
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65ACD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,43_2_00007FF89F65ACD4
                                Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: page read and write | page guardJump to behavior

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 40.119.152.241 443
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="gratefullytatum@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MveCAIAZ" /AgentId="efdd2c58-d53a-48e0-bd64-b73430c78939"Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                                Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4a6f545b-aae0-4508-bfae-1a58ed989cb7" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4742ab29-7a91-4005-8b85-9d822d2d207b" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "81622bfe-fdc1-4fd4-b863-087ece04432b" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6d3932b7-d595-4ec1-ba45-8ee0e9e068b8" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6dc6b569-88f8-4c0b-ba4d-f407efaa2a09" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c293db25-a44a-4495-86a5-1d156f7b88b1" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "1a38e639-d8b2-4578-a9b2-1e798ca9efea" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "d3c5afbf-763e-48ba-a818-4ee2d8365577" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "175cc305-cc6c-4927-a3b6-18d54ad920b0" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "276ad274-97c6-4ad6-a5ad-71fef5b6c1d9" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "3caeb474-f589-4b7e-af90-d040b4bb9be8" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000MveCAIAZ
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeProcess created: unknown unknown
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="gratefullytatum@gmail.com" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000mvecaiaz" /agentid="efdd2c58-d53a-48e0-bd64-b73430c78939"
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4a6f545b-aae0-4508-bfae-1a58ed989cb7" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4742ab29-7a91-4005-8b85-9d822d2d207b" agent-api.atera.com/production 443 or8ixli90mf "identified" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/production 443 or8ixli90mf "generalinfo fromgui" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagestremote\agentpackagestremote.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "81622bfe-fdc1-4fd4-b863-087ece04432b" agent-api.atera.com/production 443 or8ixli90mf "install eyjsbw1db2rlijoiafpdrezqaes3nw1kin0=" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagemonitoring\agentpackagemonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/production 443 or8ixli90mf "syncprofile" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagemonitoring\agentpackagemonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/production 443 or8ixli90mf "syncprofile" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6d3932b7-d595-4ec1-ba45-8ee0e9e068b8" agent-api.atera.com/production 443 or8ixli90mf "generalinfo" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagemonitoring\agentpackagemonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6dc6b569-88f8-4c0b-ba4d-f407efaa2a09" agent-api.atera.com/production 443 or8ixli90mf "monitor" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageupgradeagent\agentpackageupgradeagent.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c293db25-a44a-4495-86a5-1d156f7b88b1" agent-api.atera.com/production 443 or8ixli90mf "checkforupdates" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageticketing\agentpackageticketing.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "1a38e639-d8b2-4578-a9b2-1e798ca9efea" agent-api.atera.com/production 443 or8ixli90mf "maintain" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageprogrammanagement\agentpackageprogrammanagement.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "d3c5afbf-763e-48ba-a818-4ee2d8365577" agent-api.atera.com/production 443 or8ixli90mf "syncinstalledapps" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageinternalpoller\agentpackageinternalpoller.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "175cc305-cc6c-4927-a3b6-18d54ad920b0" agent-api.atera.com/production 443 or8ixli90mf "pollall" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagesystemtools\agentpackagesystemtools.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "276ad274-97c6-4ad6-a5ad-71fef5b6c1d9" agent-api.atera.com/production 443 or8ixli90mf "probe" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageosupdates\agentpackageosupdates.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "3caeb474-f589-4b7e-af90-d040b4bb9be8" agent-api.atera.com/production 443 or8ixli90mf "getlistofallupdates" 001q300000mvecaiaz
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="gratefullytatum@gmail.com" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000mvecaiaz" /agentid="efdd2c58-d53a-48e0-bd64-b73430c78939"Jump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4a6f545b-aae0-4508-bfae-1a58ed989cb7" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4742ab29-7a91-4005-8b85-9d822d2d207b" agent-api.atera.com/production 443 or8ixli90mf "identified" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/production 443 or8ixli90mf "generalinfo fromgui" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagestremote\agentpackagestremote.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "81622bfe-fdc1-4fd4-b863-087ece04432b" agent-api.atera.com/production 443 or8ixli90mf "install eyjsbw1db2rlijoiafpdrezqaes3nw1kin0=" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagemonitoring\agentpackagemonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/production 443 or8ixli90mf "syncprofile" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/production 443 or8ixli90mf "generalinfo fromgui" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagemonitoring\agentpackagemonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/production 443 or8ixli90mf "syncprofile" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6d3932b7-d595-4ec1-ba45-8ee0e9e068b8" agent-api.atera.com/production 443 or8ixli90mf "generalinfo" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagemonitoring\agentpackagemonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6dc6b569-88f8-4c0b-ba4d-f407efaa2a09" agent-api.atera.com/production 443 or8ixli90mf "monitor" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageupgradeagent\agentpackageupgradeagent.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c293db25-a44a-4495-86a5-1d156f7b88b1" agent-api.atera.com/production 443 or8ixli90mf "checkforupdates" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageticketing\agentpackageticketing.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "1a38e639-d8b2-4578-a9b2-1e798ca9efea" agent-api.atera.com/production 443 or8ixli90mf "maintain" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageprogrammanagement\agentpackageprogrammanagement.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "d3c5afbf-763e-48ba-a818-4ee2d8365577" agent-api.atera.com/production 443 or8ixli90mf "syncinstalledapps" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageinternalpoller\agentpackageinternalpoller.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "175cc305-cc6c-4927-a3b6-18d54ad920b0" agent-api.atera.com/production 443 or8ixli90mf "pollall" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagesystemtools\agentpackagesystemtools.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "276ad274-97c6-4ad6-a5ad-71fef5b6c1d9" agent-api.atera.com/production 443 or8ixli90mf "probe" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageosupdates\agentpackageosupdates.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "3caeb474-f589-4b7e-af90-d040b4bb9be8" agent-api.atera.com/production 443 or8ixli90mf "getlistofallupdates" 001q300000mvecaiaz
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65739C cpuid 43_2_00007FF89F65739C
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI52D0.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI52D0.tmp-\AlphaControlAgentInstallation.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI591B.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI591B.tmp-\AlphaControlAgentInstallation.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI591B.tmp-\Newtonsoft.Json.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI6D01.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI6D01.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI8958.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI8958.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSI8958.tmp-\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Microsoft.ApplicationInsights.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Diagnostics.DiagnosticSource.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.ApplicationInsights.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.DiagnosticSource.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F65CC04 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,43_2_00007FF89F65CC04
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F6585D4 _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,free,_malloc_crt,_invoke_watson,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,43_2_00007FF89F6585D4
                                Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct

                                Stealing of Sensitive Information

                                barindex
                                Queries disk data (e.g. SMART data)
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeDevice IO: \Device\Harddisk0\DR0
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeDevice IO: \Device\Harddisk0\DR0

                                Remote Access Functionality

                                barindex
                                Yara detected AteraAgent
                                Source: Yara matchFile source: 56.0.AgentPackageProgramManagement.exe.1fadc890000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 63.2.AgentPackageOsUpdates.exe.1f198840000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 54.0.AgentPackageTicketing.exe.1c1bba70000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 52.0.AgentPackageUpgradeAgent.exe.24faac20000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 58.0.AgentPackageInternalPoller.exe.2386e7b0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 19.2.AgentPackageAgentInformation.exe.238c26f0000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 56.2.AgentPackageProgramManagement.exe.1fadcd00000.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.0.AteraAgent.exe.235396d0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.2.AteraAgent.exe.22f5d31b538.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 61.2.AgentPackageSystemTools.exe.2a7087e0000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 61.0.AgentPackageSystemTools.exe.2a708480000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 34.2.AgentPackageMonitoring.exe.1617d3c0000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.2.AteraAgent.exe.22f5d7dd598.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 31.0.AgentPackageSTRemote.exe.15fbfb90000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 63.0.AgentPackageOsUpdates.exe.1f1983d0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 34.0.AgentPackageMonitoring.exe.1617cb60000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 19.0.AgentPackageAgentInformation.exe.238c2270000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000017.00000002.2956708927.0000022F5CAE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000002.2549200371.00000215DC870000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D28A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2456780674.0000016100086000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.3297945299.0000022F75D68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2953858003.000001D187376000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2645670429.000002AD89D30000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2906772864.000001FADC910000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2953858003.000001D1872F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000000.2136092382.00000235396D2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000002.2548793565.00000215DC650000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000002.2857849444.000002A7087E2000.00000002.00000001.01000000.0000002D.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D03B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.3096669764.0000019368BE5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3358663032.0000015FC059D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934FB6B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.3126006908.000001D1A075A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934FBEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C320CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC88112000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2971540416.000001D187680000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2860563478.0000023800233000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2645830459.000002AD89E60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3221733262.0000024FC3DC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2923848146.000001FADCD02000.00000002.00000001.01000000.00000037.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2702495501.000001CC87510000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2675610765.0000025ECB559000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2645830459.000002AD89EA4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2944517637.0000022F5C800000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2456780674.0000016100079000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934FBBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000031.00000002.2900241749.00000249ECB9B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2702700714.000001CC8759F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2649907445.0000025EB21AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.3330043667.00007FF89F7F0000.00000004.00000001.01000000.0000001E.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F199013000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000036.00000000.2762227421.000001C1BBA72000.00000002.00000001.01000000.00000028.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F19901D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.3013835936.000001FAF5B38000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2AF3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2183216765.0000023553F9A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3055734336.0000024FAAD08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2407632546.0000023180073000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001C.00000002.2560008247.00000206C82DB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2941952671.000001934EF00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181724981.000002353B6CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000000.2431897307.0000015FBFB92000.00000002.00000001.01000000.0000001A.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3053700556.0000024FAACC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2931583067.000001934EBEF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2958093860.000001F198560000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2C28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2649064091.0000027C316BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3055734336.0000024FAAD4D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D75D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2672986789.0000025ECB457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.3097924695.0000019368BF9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C320D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2953858003.000001D187333000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2669003421.0000027C4A7FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2973160106.000001D187CE3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD57E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2178484180.0000023539940000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D858000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC87D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2860563478.000002380022B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2388938556.00000238C23A1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D90A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2649064091.0000027C316C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC883AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000000.2360050618.00000238C2272000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2666445512.000002ADA3CF5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934F796000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3351854155.0000015FBFD3C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC8828D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2649064091.0000027C31680000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2666358319.000002ADA3AF7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2647176737.000002AD8AB13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000002.2548793565.00000215DC65B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D64B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000002.2111523595.0000000004594000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2894242771.000002386E9BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C31F11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000002.2871454779.000002A7090EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2906772864.000001FADC92B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000000.2809783648.000001F1983D2000.00000002.00000001.01000000.0000002C.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD598000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D5DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2894242771.000002386E8F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2695647531.00007FF89F7E9000.00000004.00000001.01000000.0000001E.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000003.2470481991.00000215DC890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2388938556.00000238C2385000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD7AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2463850544.000001617CD30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2649907445.0000025EB21F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181724981.000002353B604000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000002.2548793565.00000215DC673000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2702700714.000001CC87617000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001C.00000003.2423324134.00000206C82F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.3076587822.000001D1A0490000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2388938556.00000238C23A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2A23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2183193819.0000023553E70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F19904F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.3022026368.000001FAF5D44000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD476000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2973160106.000001D187C71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3055734336.0000024FAACE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD442000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3351561531.0000015FBFD10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000002.2826467148.000002A70869D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F1993FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.3105681849.0000019368DD7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2388938556.00000238C2443000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3375067155.0000015FD8E60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934F9A4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD6FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2702700714.000001CC875CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2905892729.000002386FAB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2894242771.000002386E93A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3214406393.000001D429413000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D629000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2702700714.000001CC87590000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2BBA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC87FA6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2953858003.000001D18732B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2456000442.0000005DCC3D1000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2645830459.000002AD89E9C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD85E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2B51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3344124011.0000004FA66F1000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D94F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C31FA4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2389752253.00000238C26C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2931583067.000001934EC21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3096158574.000001D428BC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3226195005.0000024FC3DFA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000000.2804868198.000002A708482000.00000002.00000001.01000000.0000002B.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000002.2826467148.000002A70861C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934F785000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2407632546.0000023180001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2178484180.00000235398E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D41F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D2E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC87FE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001C.00000002.2560008247.00000206C82F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2860563478.000002380016C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934FBF5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC87DF4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2408655960.00000231E8240000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2645830459.000002AD89E69000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2905892729.000002386FA20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2649418067.0000025EB2170000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2906772864.000001FADC999000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D3FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2860563478.0000023800001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181724981.000002353B60A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181724981.000002353B682000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2388938556.00000238C236C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2649064091.0000027C31707000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2408053911.00000231E80A9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.3297945299.0000022F75CE6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2B8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2958093860.000001F19856C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2645702362.000002AD89E10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2738524015.000001CCA0A4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2649907445.0000025EB21B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3080226832.0000024FAAF25000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C32139000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000033.00000002.2896722646.00000160D6720000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3224524531.0000024FC3DEA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3351854155.0000015FBFDBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3214406393.000001D429323000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001C.00000003.2422064037.00000206C8430000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2408053911.00000231E8124000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2671086615.0000027C4A9D3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2670053251.0000025ECB378000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000002.2871454779.000002A709106000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2389956341.00000238C2C53000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2894242771.000002386E97B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2666712360.000002ADA3D06000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D2C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934FA8C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D754000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2894242771.000002386E930000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2389816421.00000238C26F2000.00000002.00000001.01000000.00000018.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2473005002.000001617CF30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181608102.0000023539BC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2178484180.00000235398E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D28C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2389956341.00000238C2BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2463850544.000001617CD3C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D987000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2973160106.000001D188256000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2388938556.00000238C23EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2407632546.0000023180083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D99E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000002.2826467148.000002A708651000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2953858003.000001D1873B1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C32073000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000000.2793424325.000002386E7B2000.00000002.00000001.01000000.0000002A.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2668787157.0000027C4A7DC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2408053911.00000231E80DB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2906772864.000001FADCA01000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181724981.000002353B602000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3214406393.000001D42942B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000000.2780901484.000001FADC892000.00000002.00000001.01000000.00000029.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3351854155.0000015FBFD30000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F198E01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.3005820443.000001FAF5AC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000000.2748557710.0000024FAAC22000.00000002.00000001.01000000.00000026.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.3068460618.0000019367D20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2958093860.000001F1985A8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.3297945299.0000022F75D39000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD87D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F198F9E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2958093860.000001F19862D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2666249386.0000025ECB280000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.3105681849.0000019368D1D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181724981.000002353B5DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2649907445.0000025EB218B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F1993ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2943884457.0000022F5C730000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F198F94000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.3297945299.0000022F75D4B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD733000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3214406393.000001D4292A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F19915B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.3090524066.000001D1A0579000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2860563478.0000023800235000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000031.00000002.2900241749.00000249ECB90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3358663032.0000015FC0498000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3081813602.0000024FAB060000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2738524015.000001CCA0A11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2958093860.000001F1985A1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2944517637.0000022F5C83D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2944517637.0000022F5C886000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2860563478.000002380001E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2389956341.00000238C2C63000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2894242771.000002386E8FC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB29A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001C.00000002.2560487111.00000206C8410000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2922925223.000001FADCC00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2B8C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D5F6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3055734336.0000024FAAD01000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000002.2860247483.000002A708810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D8FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000031.00000002.2900363771.00000249ECD60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.3095971394.0000019368BE2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2463850544.000001617CDBF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F199047000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.3127670531.000001F1B15D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934F501000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2658023197.000002ADA2E8B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2651755091.0000025EB2520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2860563478.0000023800231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000002.2826467148.000002A708610000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2904685000.000002386EC50000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2931616433.000000ED882F5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3096158574.000001D428AD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000002.2388938556.00000238C2360000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2906772864.000001FADC918000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2456780674.0000016100001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5CFD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2931583067.000001934EBBB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2B4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.3297945299.0000022F75D1D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD45E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2958093860.000001F1985ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2669458596.0000027C4A930000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934F939000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934F893000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2931583067.000001934EBDA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2700970508.00000051B2725000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2184021272.00007FF848B14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.3022026368.000001FAF5D10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003A.00000002.2860563478.0000023800020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2738524015.000001CCA09B8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3084404253.0000024FAB7FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2702700714.000001CC8764B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC882A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD868000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000028.00000002.2546126278.0000024FB2410000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D72B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C31F87000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3096158574.000001D428B0F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2704442136.000001CC87890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3084404253.0000024FAB581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.2408053911.00000231E80A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934FBAC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D499000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2973160106.000001D188259000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001E.00000002.2557028461.000001ACEF6A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2951780976.0000005B97CF6000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.3095519048.00000193689D7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181724981.000002353B5D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2931583067.000001934EBA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F198ED6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2178484180.0000023539926000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2973160106.000001D187CB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2645830459.000002AD89EE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.3127670531.000001F1B1654000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2931341396.000001934EB70000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001C.00000002.2560008247.00000206C82D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2972647175.000001F198842000.00000002.00000001.01000000.00000039.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC87F0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2971960519.000001F198820000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D4D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2906772864.000001FADC958000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2473335325.000001617D3C2000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2658023197.000002ADA2E70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD482000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.3280065409.0000022F75934000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.3280065409.0000022F759CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3096158574.000001D428B00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003F.00000002.2983307499.000001F1990C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C3210C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2973160106.000001D18820E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000031.00000002.2900241749.00000249ECBB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000034.00000002.3084404253.0000024FAB6F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934F78F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002D.00000002.2973160106.000001D187E46000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000031.00000003.2742717448.00000249ECD80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3059552885.000001D428A60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000002.2111523595.00000000044F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002F.00000002.2945207478.000001934FAE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3358663032.0000015FC0421000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5DA5F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2906772864.000001FADC94D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651068075.0000027C318A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001A.00000002.2651999473.0000027C321A6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2733842227.000001CCA0499000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3096158574.000001D428AD9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000002B.00000002.2647176737.000002AD8A561000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003D.00000002.2871454779.000002A709071000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.3297945299.0000022F75CB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2178484180.0000023539920000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001F.00000002.3351854155.0000015FBFD72000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2178484180.000002353996E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D403000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000002.2463850544.000001617CD73000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.2959874922.0000022F5D526000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000003B.00000002.3096158574.000001D428B57000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2929220861.000001FADD63F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2181724981.000002353B551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2652301372.0000025EB2C6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 3660, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 2716, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 4180, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AteraAgent.exe PID: 2972, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AteraAgent.exe PID: 2820, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 1476, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageAgentInformation.exe PID: 3224, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageAgentInformation.exe PID: 5696, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AteraAgent.exe PID: 3128, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageAgentInformation.exe PID: 5344, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 2124, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: cscript.exe PID: 3712, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageSTRemote.exe PID: 3056, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageMonitoring.exe PID: 6768, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 4144, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: cscript.exe PID: 1576, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageMonitoring.exe PID: 5044, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2508, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageMonitoring.exe PID: 6396, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 5684, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: cscript.exe PID: 5888, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageUpgradeAgent.exe PID: 5480, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageTicketing.exe PID: 6784, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageProgramManagement.exe PID: 2672, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageInternalPoller.exe PID: 7016, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: AgentPackageUpgradeAgent.exe PID: 7040, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_001_dotnet_hostfxr_6.0.35_win_x64.msi.log, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFE28F20BF858487E1.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\11-08-2024 07_39_29-log.txt, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFEC28E6A6438FFDBD.TMP, type: DROPPED
                                Source: Yara matchFile source: dropped/ConDrv, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF149AF26E7405EB9E.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF2B0B6C20EEC26074.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\AteraSetupLog.txt, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF09A0613500D1B004.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF3854EF7ACE468FA0.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF7DDA5B9BF67DD720.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFBA889C5C19AD67A3.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF19DB8661A095DD7E.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFC9329EB2CD6934DE.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF4462ADB9C3CB59E4.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFE78F4222094BB8F1.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Installer\MSIC28C.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFF6C6D2BED911FDD7.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF883891F690572C07.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFF34671EFF95FB92E.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF24128B1B7636176B.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFE2AA3264441F0126.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF392792FDC2A4AB0C.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFEB36E137878F14EA.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Installer\MSI591B.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF3C5BCD3D863F04F2.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Config.Msi\3f511c.rbs, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\choco.summary.log, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFB94BDC9FCCFCB068.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\11-08-2024 07_39_28-log.txt, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF453F0FBC0B60F55F.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Config.Msi\3f5129.rbs, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF9F364A753B0AEDA3.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF334B9E77A3779C09.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Installer\MSI6D01.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF1648B3632C5ED880.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Installer\MSI8958.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Config.Msi\3f5121.rbs, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFC062C42551A28A49.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFC4B0402BA4B10C60.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFF0E8609902102013.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Installer\MSIA750.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF94F2B8D5FD07F988.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF0AB4D42089FC291E.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Installer\MSI52D0.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF9F7387F47FC15CA9.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF5B83A7AC03730FA4.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFDE92FEF47ACED046.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\log.txt, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF40757303CF5AF021.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DFD49DE98BD4F76663.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\~DF8FA2ED73703CA3D1.TMP, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Installer\MSI71D5.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_002_dotnet_host_6.0.35_win_x64.msi.log, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_000_dotnet_runtime_6.0.35_win_x64.msi.log, type: DROPPED
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exeCode function: 43_2_00007FF89F69B9F0 GetModuleHandleW,OutputDebugStringA,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,GetLastError,GetProcAddress,OutputDebugStringA,OutputDebugStringA,CorBindToRuntimeEx,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,_snprintf,OutputDebugStringA,43_2_00007FF89F69B9F0

                                Mitre Att&ck Matrix

                                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                                Gather Victim Identity Information1
                                Scripting                                		1
                                Replication Through Removable Media                                		641
                                Windows Management Instrumentation                                		1
                                Scripting                                		1
                                DLL Side-Loading                                		21
                                Disable or Modify Tools                                		OS Credential Dumping2
                                System Time Discovery                                		Remote Services1
                                Archive Collected Data                                		2
                                Encrypted Channel                                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                                CredentialsDomainsDefault Accounts1
                                Native API                                		1
                                DLL Side-Loading                                		22
                                Windows Service                                		1
                                Deobfuscate/Decode Files or Information                                		LSASS Memory11
                                Peripheral Device Discovery                                		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain Accounts1
                                Command and Scripting Interpreter                                		22
                                Windows Service                                		111
                                Process Injection                                		4
                                Obfuscated Files or Information                                		Security Account Manager3
                                File and Directory Discovery                                		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal Accounts11
                                Scheduled Task/Job                                		11
                                Scheduled Task/Job                                		11
                                Scheduled Task/Job                                		1
                                Software Packing                                		NTDS275
                                System Information Discovery                                		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud Accounts11
                                Service Execution                                		Network Logon ScriptNetwork Logon Script1
                                Timestomp                                		LSA Secrets1
                                Query Registry                                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                                DLL Side-Loading                                		Cached Domain Credentials781
                                Security Software Discovery                                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                                File Deletion                                		DCSync11
                                Process Discovery                                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job123
                                Masquerading                                		Proc Filesystem371
                                Virtualization/Sandbox Evasion                                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                                Modify Registry                                		/etc/passwd and /etc/shadow1
                                Application Window Discovery                                		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron371
                                Virtualization/Sandbox Evasion                                		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd111
                                Process Injection                                		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                                Rundll32                                		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1552149 Sample: gaYiWz75kv.msi Startdate: 08/11/2024 Architecture: WINDOWS Score: 100 153 Multi AV Scanner detection for dropped file 2->153 155 Multi AV Scanner detection for submitted file 2->155 157 Yara detected AteraAgent 2->157 159 8 other signatures 2->159 8 AteraAgent.exe 2->8         started        13 msiexec.exe 501 481 2->13         started        15 AteraAgent.exe 2->15         started        17 3 other processes 2->17 process3 dnsIp4 147 18.66.112.125 MIT-GATEWAYSUS United States 8->147 97 C:\...\System.Management.dll, PE32 8->97 dropped 99 C:\...99ewtonsoft.Json.dll, PE32 8->99 dropped 101 C:\...\Microsoft.Win32.TaskScheduler.dll, PE32 8->101 dropped 109 283 other malicious files 8->109 dropped 169 Installs Task Scheduler Managed Wrapper 8->169 19 AgentPackageProgramManagement.exe 8->19         started        23 AgentPackageUpgradeAgent.exe 8->23         started        26 AgentPackageMonitoring.exe 8->26         started        36 8 other processes 8->36 103 C:\Windows\Installer\MSIEBF.tmp, PE32 13->103 dropped 105 C:\Windows\Installer\MSIDBE6.tmp, PE32 13->105 dropped 107 C:\Windows\Installer\MSICB0C.tmp, PE32 13->107 dropped 111 314 other files (262 malicious) 13->111 dropped 28 msiexec.exe 13->28         started        30 AteraAgent.exe 13->30         started        32 msiexec.exe 13->32         started        149 18.66.112.49 MIT-GATEWAYSUS United States 15->149 151 35.157.63.228 AMAZON-02US United States 15->151 113 30 other malicious files 15->113 dropped 171 Creates files in the system32 config directory 15->171 173 Reads the Security eventlog 15->173 175 Reads the System eventlog 15->175 34 AgentPackageAgentInformation.exe 15->34         started        38 5 other processes 15->38 file5 signatures6 process7 dnsIp8 91 15 other malicious files 19->91 dropped 161 Creates files in the system32 config directory 19->161 40 conhost.exe 19->40         started        133 20.60.197.1 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 23->133 79 C:\...\System.ValueTuple.dll, PE32 23->79 dropped 81 C:\Program Files (x86)\...\Pubnub.dll, PE32 23->81 dropped 83 C:\...83ewtonsoft.Json.dll, PE32 23->83 dropped 93 4 other malicious files 23->93 dropped 42 conhost.exe 23->42         started        85 C:\Program Files (x86)\...\log.txt, ASCII 26->85 dropped 163 Queries disk data (e.g. SMART data) 26->163 44 conhost.exe 26->44         started        46 rundll32.exe 28->46         started        52 4 other processes 28->52 135 199.232.214.172 FASTLYUS United States 30->135 137 192.229.221.95 EDGECASTUS United States 30->137 95 2 other malicious files 30->95 dropped 165 Reads the Security eventlog 30->165 167 Reads the System eventlog 30->167 55 2 other processes 32->55 50 conhost.exe 34->50         started        139 20.50.88.232 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 36->139 141 152.199.23.209 EDGECASTUS United States 36->141 87 C:\...\TicketingTray.exe (copy), PE32 36->87 dropped 57 10 other processes 36->57 143 35.71.184.3 MERIT-AS-14US United States 38->143 145 13.35.58.57 AMAZON-02US United States 38->145 89 C:\Windows\Temp\SplashtopStreamer.exe, PE32 38->89 dropped 59 6 other processes 38->59 file9 signatures10 process11 dnsIp12 115 C:\...\AlphaControlAgentInstallation.dll, PE32 46->115 dropped 117 C:\Windows\...\System.Management.dll, PE32 46->117 dropped 119 C:\Windows\Installer\...119ewtonsoft.Json.dll, PE32 46->119 dropped 121 Microsoft.Deployme...indowsInstaller.dll, PE32 46->121 dropped 177 System process connects to network (likely due to code injection or exploit) 46->177 131 40.119.152.241 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 52->131 123 C:\...\AlphaControlAgentInstallation.dll, PE32 52->123 dropped 125 C:\...\AlphaControlAgentInstallation.dll, PE32 52->125 dropped 127 C:\...\AlphaControlAgentInstallation.dll, PE32 52->127 dropped 129 9 other files (none is malicious) 52->129 dropped 61 conhost.exe 55->61         started        63 net1.exe 55->63         started        65 conhost.exe 55->65         started        67 conhost.exe 57->67         started        69 cscript.exe 57->69         started        71 conhost.exe 57->71         started        73 cscript.exe 57->73         started        75 conhost.exe 59->75         started        77 cscript.exe 59->77         started        file13 signatures14 process15

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                gaYiWz75kv.msi26%ReversingLabsWin32.Trojan.Atera

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                3f5122.rbf (copy)21%ReversingLabsWin32.Trojan.Atera
                                3f5124.rbf (copy)0%ReversingLabs
                                3f5125.rbf (copy)0%ReversingLabs
                                3f5126.rbf (copy)0%ReversingLabs
                                3f5127.rbf (copy)0%ReversingLabs
                                3f5128.rbf (copy)0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe21%ReversingLabsWin32.Trojan.Atera
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Infrastructure.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Tools.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\CliWrap.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Abstractions.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Binder.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.CommandLine.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.EnvironmentVariables.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.FileExtensions.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Json.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.UserSecrets.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.Abstractions.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Abstractions.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Physical.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileSystemGlobbing.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.Abstractions.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Http.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Abstractions.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Configuration.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Console.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Debug.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventLog.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventSource.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.ConfigurationExtensions.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Primitives.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Newtonsoft.Json.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Polly.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Hosting.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Logging.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Sinks.File.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.DiagnosticSource.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Encodings.Web.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Json.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\de\Microsoft.Win32.TaskScheduler.resources.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\es\Microsoft.Win32.TaskScheduler.resources.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\fr\Microsoft.Win32.TaskScheduler.resources.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\it\Microsoft.Win32.TaskScheduler.resources.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\pl\Microsoft.Win32.TaskScheduler.resources.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\ru\Microsoft.Win32.TaskScheduler.resources.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\browser\lib\net6.0\System.Text.Encodings.Web.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.Messages.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.ServiceProcess.ServiceController.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.Exceptions.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Microsoft.ApplicationInsights.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\NLog.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Newtonsoft.Json.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\StructureMap.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Buffers.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Diagnostics.DiagnosticSource.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Memory.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Runtime.CompilerServices.Unsafe.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackage.Common.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.Utils.dll0%ReversingLabs
                                C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Microsoft.ApplicationInsights.dll0%ReversingLabs

                                Unpacked PE Files

                                No Antivirus matches

                                Domains

                                No Antivirus matches

                                URLs

                                No Antivirus matches

                                Domains and IPs

                                Contacted Domains

                                No contacted domains info

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                http://www.gnu.org/AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                  http://pwnt.coAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                    https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zipAteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpfalse
                                      https://ch0.co/packages_configAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                        http://www.nlog-project.org/schemas/NLog.xsdAteraAgent.exe, 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmpfalse
                                          http://schemas.datacontract.orgAteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmpfalse
                                            https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zipAteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              http://crl.microsoftrundll32.exe, 00000011.00000003.2234462092.000000000761D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                https://community.chocolatey.org/packages/checksum.AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                  https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip?1rBvYAteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    http://logging.apache.org/log4net/release/faq.html#trouble-EventLogAgentPackageProgramManagement.exe, 00000038.00000002.2925726565.000001FADD162000.00000002.00000001.01000000.00000038.sdmpfalse
                                                      https://chocolatey.org/contact.AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                        https://nlog-project.org/AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664762575.000002ADA3128000.00000002.00000001.01000000.00000023.sdmpfalse
                                                          https://agent-api.PPAgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C321A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            https://agent-api.atera.com/Production/Agent/track-eventrundll32.exe, 00000005.00000002.2111523595.0000000004594000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111523595.00000000044F1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              https://aka.ms/dotnet/app-launch-failedAteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                http://dl.google.com/googletalk/googletalk-setup.exeAgentPackageAgentInformation.exe, 00000013.00000000.2360050618.00000238C2272000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                  https://community.chocolatey.org/packages/checksum)AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                    http://stackoverflow.com/questions/265339/whats-the-best-way-to-automate-secure-ftp-in-powershellAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                      http://crl.ssc.lt/root-c/cacrl.crl0AteraAgent.exe, 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        http://stackoverflow.com/questions/518181/too-many-automatic-redirections-were-attempted-error-messaAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                          http://somewhere123zzaafasd.invalidUAttemptingAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                            http://somehwere/something.exeAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                              https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_config.gifAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                http://schemas.datacontract.org/2004/07/System.ServiceProcessAteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  https://ps.atera.com/agentpackagescrossplatform/AgentPackageMonitoring/0.40/AgentPackageMonitoring.zAteraAgent.exe, 0000000E.00000002.2705213274.000001CC88016000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    https://chocolatey.org/compare0AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD482000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      https://docs.chocolatey.org/en-us/choco/commands/uninstallAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                        https://my.splashtop.com/csrs/winAgentPackageSTRemote.exe, 0000001F.00000000.2431897307.0000015FBFB92000.00000002.00000001.01000000.0000001A.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          https://docs.chocolatey.org/en-us/create/automatic-packages#automatic-updater-auAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                            https://github.com/downloads/spraints/git-tfs/GitTfs-0.11.0.zipAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                              http://wixtoolset.orgrundll32.exe, 00000004.00000003.2051062600.0000000004619000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2063906251.0000000004330000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119683395.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEHEARTBEAT/17.14/AGENTPACKAGEHEARTBEAT.ZIPAteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  https://chocolatey.org/compare.AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                    https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip?1rBvY94KQVAteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      https://agent-api.atera.com/Production/Agent/track-event;rundll32.exe, 00000005.00000002.2111523595.00000000045D6000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004CA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstallerAteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          http://acontrol.atera.com/AteraAgent.exe, 0000000D.00000000.2136092382.00000235396D2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87D71000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5CFD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            https://agent-api.atera.com/Production/Agent/dynamic-fields/AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              https://docs.nuget.org/create/Nuspec-Reference.AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/37.9/AgentPackageAgentInformationAteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0BA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zipAteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zipAteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      https://docs.chocolatey.org/en-us/guides/create/create-custom-package-templatesAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namerundll32.exe, 00000005.00000002.2111523595.0000000004594000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111523595.00000000044F1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87D71000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2389956341.00000238C2C63000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5CFD1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C31F11000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0498000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB29A1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187E46000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F893000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000034.00000002.3084404253.0000024FAB581000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 0000003A.00000002.2860563478.0000023800020000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          http://crl3.iCertTrustedRootAteraAgent.exe, 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            https://community.chocolatey.org/api/v2/AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD63F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                              https://community.chocolatey.org/packages).AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                https://docs.chocolatey.org/en-us/create/functions/get-toolslocationAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                  https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zipAteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88016000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0BA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    https://community.chocolatey.org/api/v2AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                      HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGERUNTIMEINSTALLER/1.6/AGENTPACKAGERUNTIMEINSTALLEAteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        http://my.splashtop.comAgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0577000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          http://microsoft.corundll32.exe, 00000011.00000003.2234462092.000000000761D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            https://raw.githubusercontent.com/wiki/chocolatey/choco/images/gifs/choco_outdated.gifAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                              https://community.chocolatey.org/api/v2/PAgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD733000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                https://docs.chocolatey.org/en-us/create/functions/uninstall-binfileAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                  https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscoveryAteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    https://licensedpackages.chocolatey.org/api/v2/AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziphAteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        http://www.w3.orAgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD598000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD442000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD733000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD482000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          https://community.chocolatey.org/packages/autohotkey.portableAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                            https://gist.github.com/jvshahid/6fb2f91fa7fb1db23599AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6431000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                              https://somewhere/bob.exeAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                https://community.chocolatey.org/api/v2/8AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD87D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  https://repository.tsp.zetes.com0AteraAgent.exe, 0000000E.00000002.2755004700.000001CCA0F6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    https://download.splashtop.comAgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC059D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      https://aka.ms/dotnet/app-launch-failed&gui=trueShowingAteraAgent.exe, 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        https://docs.chocolatey.org/en-us/create/functions/get-osarchitecturewidthAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                          https://docs.chocolatey.org/en-us/create/functions/uninstall-chocolateyzippackageAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                            https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.1/AgentPackageTicketing.zipAteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                https://agent-api.atera.comAteraAgent.exe, 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2389956341.00000238C2C63000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C31F11000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C320D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.2651999473.0000027C3210C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B51000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB2B8F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000024.00000002.2652301372.0000025EB29A1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002D.00000002.2973160106.000001D187E46000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F796000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002F.00000002.2945207478.000001934F893000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD7AA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 0000003A.00000002.2860563478.000002380011E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  https://www.nuget.org/packages/NLog.Web.AspNetCoreAgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 0000002B.00000002.2664762575.000002ADA3128000.00000002.00000001.01000000.00000023.sdmpfalse
                                                                                                                                                                                    https://github.com/dahlbyk/posh-git/blob/1941da2472eb668cde2d6a5fc921d5043a024386/LICENSE.txtAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                      https://docs.chocolatey.org/en-us/create/functions/install-chocolateyshortcutAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                        http://www.w3.ohAteraAgent.exe, 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          http://www.jrsoftware.org/ishelp/index.php?topic=setupexitcodesAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                            https://agent-api.atera.com/Production/Agent/GetCommandsAteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DF4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              https://community.chocolatey.org/api/v2/.AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                                https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/27.2/AgentPackageUpgradeAgent.zip?1AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  http://somewhere123zzaafasd.invalidAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                                    https://community.chocolatey.org/api/v2/0AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD7AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      http://schemas.xmlsoap.org/wsdl/AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000038.00000002.2929220861.000001FADD87D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        http://nlog-project.org/ws/AgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpfalse
                                                                                                                                                                                                          http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesTAgentPackageMonitoring.exe, 0000002B.00000002.2662447376.000002ADA3052000.00000002.00000001.01000000.00000023.sdmpfalse
                                                                                                                                                                                                            https://ps.atera.com/aAteraAgent.exe, 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              https://urn.to/r/sds_seeAgentPackageMonitoring.exe, 0000002B.00000002.2661494817.000002ADA2FE2000.00000002.00000001.01000000.00000022.sdmpfalse
                                                                                                                                                                                                                http://stexbar.googlecode.com/files/StExBar-1.8.3.msiAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                                                  https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.AteraAgent.exe, 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D033000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    https://docs.chocolatey.org/en-us/create/functionsAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                                                      https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/20.1/AgentPackageOsUpdates.zip?1rBvY94AteraAgent.exe, 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0AteraAgent.exe, 0000000E.00000002.2754258230.000001CCA0F4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          https://chocolatey.org).AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                                                            https://docs.chocolatey.org/en-us/create/functions/get-chocolateyunzippAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                                                              http://www.datev.de/zertifikat-policy-int0AteraAgent.exe, 0000000E.00000002.2733842227.000001CCA0499000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                https://my.splashtop.comAgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0572000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000001F.00000002.3358663032.0000015FC0498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  https://docs.chocolatey.org/en-us/information/legal.AgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                                                                    https://docs.chocolatey.org/en-us/create/automatic-packagesAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF64A4000.00000002.00000001.01000000.0000003F.sdmpfalse
                                                                                                                                                                                                                                      https://somewhere/bob-x64.exeAgentPackageProgramManagement.exe, 00000038.00000002.3031219205.000001FAF6222000.00000002.00000001.01000000.0000003F.sdmpfalse

                                                                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                                                                                        Public IPs

                                                                                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                        13.35.58.57
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		16509AMAZON-02USfalse
                                                                                                                                                                                                                                        40.119.152.241
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		8075MICROSOFT-CORP-MSN-AS-BLOCKUStrue
                                                                                                                                                                                                                                        18.66.112.125
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                                        35.157.63.228
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		16509AMAZON-02USfalse
                                                                                                                                                                                                                                        20.50.88.232
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                        18.66.112.49
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                                        35.71.184.3
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		237MERIT-AS-14USfalse
                                                                                                                                                                                                                                        199.232.214.172
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		54113FASTLYUSfalse
                                                                                                                                                                                                                                        192.229.221.95
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		15133EDGECASTUSfalse
                                                                                                                                                                                                                                        152.199.23.209
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		15133EDGECASTUSfalse
                                                                                                                                                                                                                                        20.60.197.1
                                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                                        		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                                                                                                                                                                                                                                        General Information

                                                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                        Analysis ID:1552149
                                                                                                                                                                                                                                        Start date and time:2024-11-08 13:37:15 +01:00
                                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                        Overall analysis duration:0h 14m 18s
                                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                        Number of analysed new started processes analysed:68
                                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                                        Sample name:gaYiWz75kv.msi
                                                                                                                                                                                                                                        renamed because original name is a hash value
                                                                                                                                                                                                                                        Original Sample Name:7e3e97a19d93606583c07808e3b352d65bf7f316e4f97d4808ca0c3e3efbade3.msi
                                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                                        Classification:mal100.troj.spyw.evad.winMSI@110/945@0/11
                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                        • Successful, ratio: 21.4%
                                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                                        • Successful, ratio: 60%
                                                                                                                                                                                                                                        • Number of executed functions: 412
                                                                                                                                                                                                                                        • Number of non-executed functions: 3
                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                        • Found application associated with file extension: .msi

                                                                                                                                                                                                                                        Warnings

                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                                                        • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 3224 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 5696 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target AgentPackageMonitoring.exe, PID 6768 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target AgentPackageSTRemote.exe, PID 3056 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target AteraAgent.exe, PID 2820 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target AteraAgent.exe, PID 2972 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target AteraAgent.exe, PID 3128 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target rundll32.exe, PID 1476 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target rundll32.exe, PID 2716 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target rundll32.exe, PID 3660 because it is empty
                                                                                                                                                                                                                                        • Execution Graph export aborted for target rundll32.exe, PID 4180 because it is empty
                                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                        • Skipping network analysis since amount of network traffic is too extensive
                                                                                                                                                                                                                                        • VT rate limit hit for: gaYiWz75kv.msi

                                                                                                                                                                                                                                        Simulations

                                                                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                                                        07:38:13API Interceptor2x Sleep call for process: rundll32.exe modified
                                                                                                                                                                                                                                        07:38:18API Interceptor1586x Sleep call for process: AteraAgent.exe modified
                                                                                                                                                                                                                                        07:38:41API Interceptor97x Sleep call for process: AgentPackageAgentInformation.exe modified
                                                                                                                                                                                                                                        07:38:48API Interceptor9109x Sleep call for process: AgentPackageSTRemote.exe modified
                                                                                                                                                                                                                                        07:39:04API Interceptor49x Sleep call for process: AgentPackageMonitoring.exe modified
                                                                                                                                                                                                                                        07:39:23API Interceptor3x Sleep call for process: AgentPackageSystemTools.exe modified
                                                                                                                                                                                                                                        07:39:26API Interceptor36x Sleep call for process: AgentPackageOsUpdates.exe modified
                                                                                                                                                                                                                                        07:39:27API Interceptor347x Sleep call for process: AgentPackageTicketing.exe modified
                                                                                                                                                                                                                                        07:39:27API Interceptor1x Sleep call for process: AgentPackageInternalPoller.exe modified
                                                                                                                                                                                                                                        07:39:29API Interceptor16x Sleep call for process: AgentPackageProgramManagement.exe modified
                                                                                                                                                                                                                                        07:39:44API Interceptor13x Sleep call for process: AgentPackageUpgradeAgent.exe modified
                                                                                                                                                                                                                                        13:39:22Task SchedulerRun new task: Monitoring Recovery path: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe s>schedulerrun
                                                                                                                                                                                                                                        13:39:47AutostartRun: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {96ec02bb-b5fa-4892-a305-c6128466beda} "C:\ProgramData\Package Cache\{96ec02bb-b5fa-4892-a305-c6128466beda}\dotnet-runtime-6.0.35-win-x64.exe" /burn.runonce
                                                                                                                                                                                                                                        13:40:20Task SchedulerRun new task: AteraAgentServiceWatchdog path: C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe s>eyJBZ2VudElkIjoiZWZkZDJjNTgtZDUzYS00OGUwLWJkNjQtYjczNDMwYzc4OTM5IiwiQ29tbWFuZElkIjoiNGViOGIzYWUtM2ExZS00YzdiLWE3ZjMtODg0ZGIyNzIxODk4IiwiQWNjb3VudElkIjoiMDAxUTMwMDAwME12ZUNBSUFaIiwiQWdlbnRBcGlIb3N0IjoiYWdlbnQtYXBpLmF0ZXJhLmNvbS9Qcm9kdWN0aW9uIiwiQXJndW1lbnRzIjoie1x1MDAyMkNvbW1hbmROYW1lXHUwMDIyOlx1MDAyMmhlYWx0aGNoZWNrXHUwMDIyfSIsIkFnZW50RGlyZWN0b3J5IjoiIn0=

                                                                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                                                                        IPs

                                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                                        Domains

                                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                                        ASNs

                                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                                                                        3f5122.rbf (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):145968
                                                                                                                                                                                                                                        Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                        MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                        SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                        SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                        SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..e.........."...0.............f$... ...@....@.. ...............................1....`..................................$..O....@..,...............0(...`......."............................................... ............... ..H............text...|.... ...................... ..`.rsrc...,....@......................@..@.reloc.......`......................@..B................H$......H.......(...D4..........l!..p.............................................{....*.0..N........~......,.~.....+:(.......~....(........(....#.......@....,.(.....+.~.....+..*...0..;........(.......(.....1.(.......(........+....,.~.....+.~.....+..*..0..6........~....%-.&~..........s....%.....s ......o!.....o"....*...0..O........(...........~#...r...po$..........,..rG..ps%...z.rO..p.....(&....~.....o'....*..0..>........~#...r...po(............,'.~#...r...po$............,.rG..ps%...

                                                                                                                                                                                                                                        3f5123.rbf (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1442
                                                                                                                                                                                                                                        Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                        MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                        SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                        SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                        SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86

                                                                                                                                                                                                                                        3f5124.rbf (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):215088
                                                                                                                                                                                                                                        Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                        MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                        SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                        SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                        SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0..............'... ...@....... ....................................`..................................'..O....@..t............ ..0(...`.......&..T............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................'......H........... ...................$&........................................( ...*"..(!...*&...("...*&...(#...*2.r...p(....*"..(....*&...(....*&...(....*2.rE..p(....*"..(....*&...(....*&...(....*2.r...p(....*"..(....*&...(....*&...(....*J..r...p($...(....*v....(%.....(%.....(%...(....*....L...%...%.r...p.%...%.r...p.%....%.r+..p.%...(&...(....*..(....*&...(....*&...(....*.0..)........{.........('...t......|......(...+...3.*....0..)........{.........()...t......|......(...+...3.

                                                                                                                                                                                                                                        3f5125.rbf (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                        MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                        SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                        SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                        SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ......J.....`.....................................O.......................0(.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        3f5126.rbf (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):602672
                                                                                                                                                                                                                                        Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                        MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                        SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                        SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                        SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............." ..0............." ... ...@....... ....................................`.....................................O....@..|...............0(...`..........T............................................ ............... ..H............text...(.... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B................. ......H............{..................x.......................................r.(......}......}......}....*....0..,........-..{.....o...+.+..{.....{....s.....o...+..*V.(......}......}....*...0...................-..+..o....s"........o$......o,....,..o....,...,....o(........,...oH...,...o......+.......9......o....,..{......o....o....o......s..........o&...8.....{......o....o........9e.....o.....?X.....r...po....9G.....r...po....o....r...p.( ...9&.....r...po....9......r...po....o.....

                                                                                                                                                                                                                                        3f5127.rbf (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73264
                                                                                                                                                                                                                                        Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                        MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                        SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                        SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                        SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0.................. ... ....... .......................`.......f....@.....................................O.... ..P...............0(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H.......$...h...........................................................6..o.........*f..o...........o.........*...o...........o...........o.........*...o...........o ..........o!...........o"........*...o#..........o$..........o%...........o&...........o'........*....0..L.........o(..........o)..........o*...........o+...........o,...........o-........*.0..Y.........o...........o/..........o0...........o1...........o2...........o3...........o4.... ...*....0..k.........o5....

                                                                                                                                                                                                                                        3f5128.rbf (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3318832
                                                                                                                                                                                                                                        Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                        MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                        SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                        SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                        SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R............" ..0..r2..........&1.. ....2...... ........................2.....i.3...@.................................G&1.O.....2..............|2.0(....2.....X.(.p............................................ ............... ..H............text....p2.. ...r2................. ..`.rsrc.........2......t2.............@..@.reloc........2......z2.............@..B................{&1.....H...........$....................(.....................................V!........s.........*.~....-*(....o....o....o.........~....-.~.........~....*..( ...*...0..G.......(!....o"....s.1....s*,..%..(.... ....o.....o 0...Zo....t....o8(..(....*..0..$..........(.....(....o.....(!.......io#...*z...(....(!....o"...o....(....*..0............T....r...p.(O....o$....(....*..0..I.......sG...sB)..s.(..s.(...(....s6(....,..o%....2...(....sV(....+.....%..ox...*..( ...*V.(&.....}......}..

                                                                                                                                                                                                                                        C:\Config.Msi\3f511c.rbs

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8817
                                                                                                                                                                                                                                        Entropy (8bit):5.660085602466599
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vjWxz1ccbTOOeMeWf61b7r6IHfb7r6kAVv70HVotBVeZEmzmYpLAV77M0pY9Xr:vyD27TpTtiB2iA
                                                                                                                                                                                                                                        MD5:81D0B530678A9DA662AA6EA8ED2DAD53
                                                                                                                                                                                                                                        SHA1:A5AA7436CE296E9C4B4AADCA7C74C25620041843
                                                                                                                                                                                                                                        SHA-256:0A66D9BCD264430C1FD00FA51364F37AF8E13D212278FD790B51E43D1A972018
                                                                                                                                                                                                                                        SHA-512:3379B7BEC6EFD5A7B3CECCD7F73550EEF3F2C8E921EB014FB899538D782C47DC27EBC618DFBDDABEC3FED4432179C7D87D455629759EA9D71A3CD11F6E062F95
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\3f511c.rbs, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.<hY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..gaYiWz75kv.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{38F01010-E31

                                                                                                                                                                                                                                        C:\Config.Msi\3f5121.rbs

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9483
                                                                                                                                                                                                                                        Entropy (8bit):5.566695601420784
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ZjWG1cRRbLCsgRwbLCMDp17qEVl0pALALtyD0qagukGGhaKfmbHt1f6qkgrEcZ:ZyfRlgR2dtKKDq9T
                                                                                                                                                                                                                                        MD5:2AC78820570BD4B430AFC20570E64990
                                                                                                                                                                                                                                        SHA1:AD624AC344C6451F5B6DEA3A10BDB384A764F707
                                                                                                                                                                                                                                        SHA-256:74D5A593F3732CD9DA764FA5CC5F6C9E1EE0A9973FF2913B8317675532816F62
                                                                                                                                                                                                                                        SHA-512:6D9DDE52FFFE609BCE81CF2939307C66533E4E3F8A01C262F51580455329D57F9D3E42F297C3CFD0570E0B66FD8F4978F9B4A06FB475701E2E6751808FDE119F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\3f5121.rbs, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.<hY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..gaYiWz75kv.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....InstallInitialize$..@....z.Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D0A237E2F2A7564CA141B792446E854\Transforms...@....(.$..@....@.Software\Microsoft\Windows\CurrentVersion\Installer\TempPackages...@....(.&...C:\Windows\Installer\3f511d.msi..#0$..@......Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D0A237E2F2A7564CA141B792446E854\InstallPropertiesx.....\...l.............H.........?...................9...................?........... ... ........... ... ................@....%...AuthorizedCDFPrefix%...Comments%...Contact%...DisplayVersion..1.8.7.2%...HelpLink%...Help

                                                                                                                                                                                                                                        C:\Config.Msi\3f5129.rbs

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8767
                                                                                                                                                                                                                                        Entropy (8bit):5.654467525633812
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:3y7wo+fncHMed1f6ITf6k7s5VNpkxYpLso:3Po+fncHnfVftSNpkcP
                                                                                                                                                                                                                                        MD5:DA52C8B3CAEF739731312263EB404EC6
                                                                                                                                                                                                                                        SHA1:A5AE407A591BC10310F180E8CAD4C8FEA9CF5A3B
                                                                                                                                                                                                                                        SHA-256:BA73328029F9D1CCC57DCEDFC832EFEC7A034F3F233282B0BE38FB87DAD88B85
                                                                                                                                                                                                                                        SHA-512:79DBB8CAFF0F308868C8A47240C0A784CCF36E0208351AEACB9BC0131D61362CD812F85BEF4B6E67E6493849A1309E4D6099C7604530195C1C831C78132ACBB0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\3f5129.rbs, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.<hY.@.....@.....@.....@.....@.....@......&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}..AteraAgent..ateraAgentSetup64_1_8_7_2.msi.@.....@.....@.....@........&.{911E9E2F-B38D-4D02-A148-5E49FC9D8943}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}.@......

                                                                                                                                                                                                                                        C:\Config.Msi\3f512d.rbs

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):57458
                                                                                                                                                                                                                                        Entropy (8bit):5.864926031836291
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:nL9BRzVH/GV1a67QzE/DBFIAL1UN7Tbob0qvJWj28erEReN4CVcaf1QeLHaH8o14:zwI5iRjW38
                                                                                                                                                                                                                                        MD5:FA3F2D0AB7433097CABB27A3B9D11FD8
                                                                                                                                                                                                                                        SHA1:999BD359B94BF79D882452DF3F9D3D031106A6D7
                                                                                                                                                                                                                                        SHA-256:B4280300D827681B360F74D1DF302B8CBFF88B52D394C52AAEA8665261EC69E4
                                                                                                                                                                                                                                        SHA-512:39232C4B6C4F095A4EED36801CD5DC8B3B391AB8842C143A70B6993250595A11E1B6CB0813E5AD6896019B1EAF6BA46A7EB407639CF192BE15852BC1C8827D29
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.<hY.@.....@.....@.....@.....@.....@......&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}%.Microsoft .NET Runtime - 6.0.35 (x64)!.dotnet-runtime-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{76657AF8-AF4E-4FA9-9A39-80AC267D9B11}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{BCDE6883-BAB7-54AB-B504-D8C3F75FDB2A}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{F621578B-E081-5FC4-B0C5-A151B816DC51}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{B0658A77-9697-57AB-AEF0-C49F5788A264}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{120A93F0-81ED-50CA-849C-D3C267F0E1B9}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{B6486357-3BB8-567F-A403-76642301DF0F}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{7DD77B54-D0C8-5E10-9C80-EE381420C680}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E

                                                                                                                                                                                                                                        C:\Config.Msi\3f5131.rbs

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9062
                                                                                                                                                                                                                                        Entropy (8bit):5.595800586511085
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:aFtGg8V0kePbptKIIxKICTBO76E6NZG6XXHws3M6p7RV/tbM7YB:auCKlKLH
                                                                                                                                                                                                                                        MD5:18BBD22D807FC9253B49A1F92DE64545
                                                                                                                                                                                                                                        SHA1:AAF366392A754E7234554E1BE086C3260BD297B6
                                                                                                                                                                                                                                        SHA-256:0FC08F217C8E05FED77270CDBA0B27BC293EE528270800E7F875A99FFC74DE72
                                                                                                                                                                                                                                        SHA-512:654F7B0D2604AB2B6506896C680D885677B456F2166ECF08674E444AA8088D43D9B4D1A1F8624F94F6A042736259E275510C2CEA1FC1732B3566ADF936948416
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}..Microsoft .NET Host FX Resolver - 6.0.35 (x64)!.dotnet-hostfxr-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{4E46258D-E612-40D6-A98B-8F64771E3561}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{E3262256-B959-50C5-91BD-D2C1656236F1}&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}.@......&.{B59DD035-01D3-57CD-A06D-224838439FEA}&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}.@......&.{8EC524B8-7864-5ACE-B320-2D36216EBC12}&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..(.C:\Program Files\dotnet\host\fxr\6.0.35\....3.C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dll....WriteRegistryValues..Writing system registry values..Key:

                                                                                                                                                                                                                                        C:\Config.Msi\3f5135.rbs

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10280
                                                                                                                                                                                                                                        Entropy (8bit):5.646050330710531
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:xd3qLUB71Ew8lnfsehtlIImlI9OE5Bai6pe:xddB71Ew6LlalxS
                                                                                                                                                                                                                                        MD5:98037B36DD4B1FA8F0EFB0FCE4B63E26
                                                                                                                                                                                                                                        SHA1:B6BEE4A10D2061F730256A18724FE3C1424E8ACD
                                                                                                                                                                                                                                        SHA-256:318389E4FA71EC4510BDFA8BA8595F5D295B92434D0AEB6B81F011E5E3C90CC2
                                                                                                                                                                                                                                        SHA-512:F63EBEF69265695E3A9E7B5D2F988BBBD05F6E0A5536B3725D9EBD518D9BD1D73902B639617C258DBE3A0A63F12928F73C5D0B29DC410E4CE3D5F316DFFD30FF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}".Microsoft .NET Host - 6.0.35 (x64)..dotnet-host-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{3AB1371A-161F-5BD9-98C8-F9BF7A103CA5}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{45399BBB-DDA5-4386-A2E9-618FB3C54A18}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{EA9C3F98-F9B1-5212-8980-CFEAF2B15E0D}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{E4E008C8-57A8-5040-BB34-03024B15B6C5}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{CE35924C-AD31-51DF-B84A-A8052ED08400}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{A61CBE5B-1282-4F29-90AD-63597AA2372E}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@....

                                                                                                                                                                                                                                        C:\Config.Msi\3f5138.rbs

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3816
                                                                                                                                                                                                                                        Entropy (8bit):5.080641892029475
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Rmycd75ge4fkTRTitlQLGT/fkTXlnlSTitlQLGTXlnlLWfQT2fYeUZJFQJI:Rmycdtge4stTlG7splSTlGplLWIiQ3Uy
                                                                                                                                                                                                                                        MD5:8D7E0C7B578FAB1A0DBFE6A0C0E91540
                                                                                                                                                                                                                                        SHA1:DC914971119AE224E3310CA29BD70456EBE84628
                                                                                                                                                                                                                                        SHA-256:EC426A10F79B45E64B224E716FCF1B13B3BC5571E41F093CACC8AEB0DB3E8168
                                                                                                                                                                                                                                        SHA-512:5B37E5D0FA4B3640474D3E7B3BA502EE573792A7E72C7AABD7992EFBC1526345B6BD7C1361D7D8F9AE79C4584C84724B6D959782D2E98E17C60259F5B23F954A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}%.Microsoft .NET Runtime - 6.0.35 (x64)!.dotnet-runtime-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{76657AF8-AF4E-4FA9-9A39-80AC267D9B11}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....RegisterProduct..Registering product..[1]$..@......Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CEE6F97CB2A3D7843A6BDE4F50B7E4B4\InstallPropertiesx.....\...l.............H.........?...................9...................?........... ... ........... ... ................@....$..@....3.Software\Microsoft\Windows\CurrentVersion\Uninstall.............................................. ...!................... ...!.......?........... ... ................... ... .......?.......................................?.............................

                                                                                                                                                                                                                                        C:\Config.Msi\3f513a.rbs

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3870
                                                                                                                                                                                                                                        Entropy (8bit):5.0875259819015
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Rmgodtfue4QEtTlF7QEsWkTlFsWVWQwiQ4Gl+My:sFtWexUk15XongB
                                                                                                                                                                                                                                        MD5:C1A2B98EA3273BA9F82BD9E1A3399181
                                                                                                                                                                                                                                        SHA1:D7C5FB28109EAD4E671A1E6C02AFCB87094C49DA
                                                                                                                                                                                                                                        SHA-256:8671C5DD5B519C33967BE12B8B66BC0B018A1554417E8B2181ED37A69CB4DF6D
                                                                                                                                                                                                                                        SHA-512:C5CA08C6199CE5AFA43EB30648CBC8528A03DF7B50A12B867446352ACE7A14FF478D84F01361A01F2EA0441FDE762D6A1F84309DF75468B37C4DB6476247EDA3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}..Microsoft .NET Host FX Resolver - 6.0.35 (x64)!.dotnet-hostfxr-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{4E46258D-E612-40D6-A98B-8F64771E3561}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....RegisterProduct..Registering product..[1]$..@......Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1CA8F19E7194E554AAAC4BB091C3A726\InstallPropertiesx.....\...l.............H.........?...................9...................?........... ... ........... ... ................@....$..@....3.Software\Microsoft\Windows\CurrentVersion\Uninstall.............................................. ...!................... ...!.......?........... ... ................... ... .......?.......................................?...........

                                                                                                                                                                                                                                        C:\Config.Msi\3f513c.rbs

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3795
                                                                                                                                                                                                                                        Entropy (8bit):5.054882304733694
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:EmmgjdqJLue490tTlQ7904KkTlQ4KVW9Ai9IvVR8y:B3qgeP6iB
                                                                                                                                                                                                                                        MD5:E5DCB715A7BF8864F693A799CB3A90DA
                                                                                                                                                                                                                                        SHA1:6833479905A4DBA77EB689DF4AC297A13B30F579
                                                                                                                                                                                                                                        SHA-256:A821DA91727645EFB6B3A714969A74BB0A0E591BD6E048D94EDDEF568D16F783
                                                                                                                                                                                                                                        SHA-512:C85E5A3D6A42386371B54BC88BF8A2CBEA982816D310F134512C0FC3839AC8324CED1C973977534B1E39546C9CAD0A8477508398A023A2159715D80C2CCF463F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}".Microsoft .NET Host - 6.0.35 (x64)..dotnet-host-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....RegisterProduct..Registering product..[1]$..@......Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A10695CB177B6249A7FC6CAAC4CBDE4\InstallPropertiesx.....\...l.............H.........?...................9...................?........... ... ........... ... ................@....$..@....3.Software\Microsoft\Windows\CurrentVersion\Uninstall.............................................. ...!................... ...!.......?........... ... ................... ... .......?.......................................?......................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):753
                                                                                                                                                                                                                                        Entropy (8bit):4.853078320826549
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:qLLYem7haYNem7hcomf3em7hUQLtygXnC9xkKxeCsx/Yem7haYNem7hcomf3em7B:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhY
                                                                                                                                                                                                                                        MD5:8298451E4DEE214334DD2E22B8996BDC
                                                                                                                                                                                                                                        SHA1:BC429029CC6B42C59C417773EA5DF8AE54DBB971
                                                                                                                                                                                                                                        SHA-256:6FBF5845A6738E2DC2AA67DD5F78DA2C8F8CB41D866BBBA10E5336787C731B25
                                                                                                                                                                                                                                        SHA-512:CDA4FFD7D6C6DFF90521C6A67A3DBA27BF172CC87CEE2986AE46DCCD02F771D7E784DCAD8AEA0AD10DECF46A1C8AE1041C184206EC2796E54756E49B9217D7BA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallState

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7466
                                                                                                                                                                                                                                        Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                        MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                        SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                        SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                        SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):145968
                                                                                                                                                                                                                                        Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                        MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                        SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                        SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                        SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..e.........."...0.............f$... ...@....@.. ...............................1....`..................................$..O....@..,...............0(...`......."............................................... ............... ..H............text...|.... ...................... ..`.rsrc...,....@......................@..@.reloc.......`......................@..B................H$......H.......(...D4..........l!..p.............................................{....*.0..N........~......,.~.....+:(.......~....(........(....#.......@....,.(.....+.~.....+..*...0..;........(.......(.....1.(.......(........+....,.~.....+.~.....+..*..0..6........~....%-.&~..........s....%.....s ......o!.....o"....*...0..O........(...........~#...r...po$..........,..rG..ps%...z.rO..p.....(&....~.....o'....*..0..>........~#...r...po(............,'.~#...r...po$............,.rG..ps%...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1442
                                                                                                                                                                                                                                        Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                        MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                        SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                        SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                        SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3318832
                                                                                                                                                                                                                                        Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                        MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                        SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                        SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                        SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R............" ..0..r2..........&1.. ....2...... ........................2.....i.3...@.................................G&1.O.....2..............|2.0(....2.....X.(.p............................................ ............... ..H............text....p2.. ...r2................. ..`.rsrc.........2......t2.............@..@.reloc........2......z2.............@..B................{&1.....H...........$....................(.....................................V!........s.........*.~....-*(....o....o....o.........~....-.~.........~....*..( ...*...0..G.......(!....o"....s.1....s*,..%..(.... ....o.....o 0...Zo....t....o8(..(....*..0..$..........(.....(....o.....(!.......io#...*z...(....(!....o"...o....(....*..0............T....r...p.(O....o$....(....*..0..I.......sG...sB)..s.(..s.(...(....s6(....,..o%....2...(....sV(....+.....%..ox...*..( ...*V.(&.....}......}..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):215088
                                                                                                                                                                                                                                        Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                        MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                        SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                        SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                        SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0..............'... ...@....... ....................................`..................................'..O....@..t............ ..0(...`.......&..T............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................'......H........... ...................$&........................................( ...*"..(!...*&...("...*&...(#...*2.r...p(....*"..(....*&...(....*&...(....*2.rE..p(....*"..(....*&...(....*&...(....*2.r...p(....*"..(....*&...(....*&...(....*J..r...p($...(....*v....(%.....(%.....(%...(....*....L...%...%.r...p.%...%.r...p.%....%.r+..p.%...(&...(....*..(....*&...(....*&...(....*.0..)........{.........('...t......|......(...+...3.*....0..)........{.........()...t......|......(...+...3.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                        MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                        SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                        SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                        SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ......J.....`.....................................O.......................0(.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1967254
                                                                                                                                                                                                                                        Entropy (8bit):7.99899464874092
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:49152:GIvTD8ZtXieZ2TfM38pgpbNQRcMzGExh+26D4o0Ydyg:XTD8ZweZbMy5QFGExw9D4oVH
                                                                                                                                                                                                                                        MD5:8DE5A7A19D882820893D8B911C1710FB
                                                                                                                                                                                                                                        SHA1:95CDF5855BC5E454C8944952697AB142F77124F7
                                                                                                                                                                                                                                        SHA-256:2BEE5835A45E74F454648C57FEF0D6FCA40D64308F813CB759CCAB1B2AB576A9
                                                                                                                                                                                                                                        SHA-512:3056784D9A1AE5A8A5DD92D7ED6AD1311E863E41A6CA5971AAC5D626DA1338DA44D0828448AA9AB1F9EDB88AFBAAACD57660C4C102812BC94240654B8D5237A7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK.........BfY................Agent.Package.Watchdog/PK.........AfY.#.L>.......7...Agent.Package.Watchdog/Agent.Package.Watchdog.deps.jsonr...+v..$...01%...{.r`..P....F|..A...;.[...j....u.....z.).E..q...s*...D...4.....Es.^+C.......P.3b.......o..i_&#..?..D..}...~&L....D.C.y......dm...A....6..:.s..^L.I6{.......c)2s.<...hU.n.(#.7.15..q...o..j..n..=.g{.mN.....jH..5......N$......Q_..?VY/.[Dk..V..56.V.C,.....x..6...Z2b...t.....%..u..gR.3...{..<:.z..v..+c6A2.f.!+Sa..p0;^..E.]............2....1..@p.6.!..|~.}.vj........-...hB.......&R.i.=..G.....g.A..~f.. 8..F......*..j.....O.....b...6..%9.x.Q.z_K@%...[.k1a.w4U...x.V.ae..E%`B(....."oz!...h..+...XP.i...B.^...i..A.......(I.1....O...d.O.yt..=e%O.s........YUC.B=m..g]....x\\8...0k*P.e~p...d.....e...`..2.6.<2`.s9.f.F......z>8.L.i....y..Sj3.`.].F.......e...Fb.....U.A]..8......*...]R[O....... \.....X`..2...#](.M...(..k?...L%Y.&....M..=&.......t.c`[..&..h.OV./.b#.>..T...!td....Z......d[,........^$...<.P3.;..=..m

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.deps.json

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):39359
                                                                                                                                                                                                                                        Entropy (8bit):5.001107788783311
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:YT5DUarXaaec21v5Oc55MNXP4RBTEQ88jnfA:YNDUarXaaecC5Oc55mXP4TTEuA
                                                                                                                                                                                                                                        MD5:D4D3077248D2EC265329DA2BB4EB1409
                                                                                                                                                                                                                                        SHA1:C4118CD8CC0C738D212BD57B262C83652BD06582
                                                                                                                                                                                                                                        SHA-256:6E5DCE5A789BB451AF3B5136C9832DA6A621A92EAA151D1BA699B9C0FB6CFB9E
                                                                                                                                                                                                                                        SHA-512:AC479A172E4F0E90A096B13D5F785EC3184F214000B9578D835E9A4FBF7BA64F3C2D0F679C6B0F325B9A34623E8548CBD4B8C1873A4DF1CAFECC94AAD343F7BD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v6.0",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v6.0": {.. "Agent.Package.Watchdog/1.7": {.. "dependencies": {.. "Atera.Agent.Package.Infrastructure": "1.2.4",.. "Atera.Agent.Package.Tools": "1.0.22",.. "System.ServiceProcess.ServiceController": "8.0.0",.. "TaskScheduler": "2.10.1".. },.. "runtime": {.. "Agent.Package.Watchdog.dll": {}.. }.. },.. "Atera.Agent.Package.Infrastructure/1.2.4": {.. "dependencies": {.. "Microsoft.Extensions.Hosting": "7.0.1",.. "Newtonsoft.Json": "13.0.3",.. "Polly": "7.2.3",.. "Serilog.Extensions.Hosting": "5.0.1",.. "Serilog.Sinks.File": "5.0.0".. },.. "runtime": {.. "lib/net6.0/Atera.Agent.Package.Infrastructure.dll": {.. "assemblyVersion": "1.2.4.0",.. "fileVe

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35408
                                                                                                                                                                                                                                        Entropy (8bit):6.4700416722695895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:i0uXcA8f/rEacom1OiYW32L0k8pJsjmd+uE8aNmHCiYVGx5mNyb8E9VF6IYijSJV:iDXcA8HBcomwxW3Rk3C+udBuEpYi60Y
                                                                                                                                                                                                                                        MD5:982E427EAFC97BD0044FD50745B72A6B
                                                                                                                                                                                                                                        SHA1:978C94A813E0931D62A28A8D40BF3F19CE504029
                                                                                                                                                                                                                                        SHA-256:9590664E74B2A011504764572E4E7DA12758415167958FE512E98CA3278F2AEC
                                                                                                                                                                                                                                        SHA-512:25461E9A3BC9B7D01FC6EC19F05AB5B313C81B5A3ED015F7A95DC7B493EDED733EEF181C2CDB840F9CC8AC497FCEB14D857825AB4EB55EE4138EB8A12CC6A352
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..X...........w... ........@.. ...............................H....`.................................4w..O....................b..P(...........w............................................... ............... ..H............text....W... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B................hw......H........2..<D............................................................{....*..{....*..{....*..{....*..{....*..{....*..(......}......}......}.......}.......}.......}....*....0...........u.......;.....9....(.....{.....{....o....,w(.....{.....{....o....,_( ....{.....{....o!...,G("....{.....{....o#...,/($....{.....{....o%...,.(&....{.....{....o'...*.*.*..0.......... ...9 )UU.Z(.....{....o(...X )UU.Z(.....{....o)...X )UU.Z( ....{....o*...X )UU.Z("....{....o+...X )UU.Z($....{..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):161360
                                                                                                                                                                                                                                        Entropy (8bit):6.243597431749339
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:I5vnr5Tbx829UOeKnn2LFzZBp13u36wKp4CULCXodwpz:IBKjK2LFzZNfJULq7z
                                                                                                                                                                                                                                        MD5:242D415E238789FBC57C5AC7E8CA5D02
                                                                                                                                                                                                                                        SHA1:09C1E25E035BE67C9FBFA23B336E26BFD2C76D04
                                                                                                                                                                                                                                        SHA-256:7F3DED5BF167553A5A09CA8A9D80A451EB71CCECC043BDA1DD8080A2CBE35FA2
                                                                                                                                                                                                                                        SHA-512:AC55D401951ECF0112051DB033CC9014E824AB6A5ED9EA129A8793408D9BF2446CB3C15711E59A8577E0F60D858A4639E99E38D6232315F0F39DF2C40217EA40
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........?...^.J.^.J.^.J.+.K.^.J.+.K.^.J.+.K.^.J.&GJ.^.J^,.K.^.J.^.J@^.JG+.K.^.JG+.K.^.JRich.^.J........................PE..d......f..........".................P@.........@..........................................`.................................................|(...............`..L....N..P(.......... ...T.......................(.......8............................................text............................... ..`.rdata..............................@..@.data...X....@......."..............@....pdata..L....`.......,..............@..@_RDATA...............B..............@..@.reloc...............D..............@..B.rsrc................H..............@..@........................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                        Entropy (8bit):3.7004397181410926
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhUmov:Wvov
                                                                                                                                                                                                                                        MD5:82F71B382E51CAE212E670779DBDF14E
                                                                                                                                                                                                                                        SHA1:C764F353E7B76236468649989C39EAEF3B97E701
                                                                                                                                                                                                                                        SHA-256:B57642302DEA3460BD78B6D9C62593939852C8526BA1779067D411E4DDA3DE17
                                                                                                                                                                                                                                        SHA-512:C5687A7DBBD4C714181F1ECFE1810A48109A4D9D4E3E90E88DA67FA3CB2736D5B3AA260B6680FA6A07FAA66CCB59DB05F9E8E345FD0DC50ABB63CB83DAAF0BFF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=1.7..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.runtimeconfig.json

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):288
                                                                                                                                                                                                                                        Entropy (8bit):4.622820819612829
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:3Hp/hdNyhAkv3Opo/XCkyFNOJeZS1sHZeQ6NOCUo+K8EkNTy:dFkv3OpJ5MeU1s5hex+K8Es2
                                                                                                                                                                                                                                        MD5:AA6C95679FBDCCE9930CD0588089344B
                                                                                                                                                                                                                                        SHA1:46294C035BFB927915DC089C67475610AF904E86
                                                                                                                                                                                                                                        SHA-256:8DA9CA03D76A3AA7BAB068EC578B441B3DC3BA7F9C94EE42203286B8E650F5B9
                                                                                                                                                                                                                                        SHA-512:91EC4C51D846AA4D881F02FFE051B4A6BDD7263574214186D7D8609AD4447E38D5547586C3B973FD6371622A6F574B767405074ABC96CFF40B7B3D7C8A9F7842
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "runtimeOptions": {.. "tfm": "net6.0",.. "rollForward": "LatestMajor",.. "framework": {.. "name": "Microsoft.NETCore.App",.. "version": "6.0.0".. },.. "configProperties": {.. "System.Reflection.Metadata.MetadataUpdater.IsSupported": false.. }.. }..}

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Infrastructure.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):53840
                                                                                                                                                                                                                                        Entropy (8bit):6.297907121687926
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:8dUSqld/oh93y+UR4ULL4L88EKNoo9sXQqthEpYi60QY:8d2P/phL4L8KGo9sgqtK76u
                                                                                                                                                                                                                                        MD5:1A5F29E19AFB572B5380F3CFDD935D6A
                                                                                                                                                                                                                                        SHA1:4A8432F57161886AAEC2D6761F5677BBE2A68F3E
                                                                                                                                                                                                                                        SHA-256:E0F10B6137F48219EF31700A6C668857306EDB6ABF8911853331C8A7B5E55A23
                                                                                                                                                                                                                                        SHA-512:638F5440A11ABA7D453D58B8158E6CA4A453297356D67E1CC59C693A32774D57BFC0BF1A407BDCD15BE892E8012B31C21577A60395E20EC0C3E88F804308B573
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.(..........." ..0.................. ........... ....................................`.................................X...O.......t...............P(..........P...T............................................ ............... ..H............text........ ...................... ..`.rsrc...t...........................@..@.reloc..............................@..B........................H........I...t............................................................{....*..{....*..{....*r.(......}......}......}....*....0..Y........u........L.,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o....*.*.*....0..K....... M.. )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o ...X*..0...........r...p......%..{.......%q.........-.&.+.......o!....%..{.......%q.........-.&.+.......o!....%..{.......%q.........-.&.+.......o!....("...*..(#...*^.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Tools.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):66640
                                                                                                                                                                                                                                        Entropy (8bit):6.272861820966947
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ZO4QNCMhTIDWo+hDbEicjIeoCtU1a1ZTG/2u2Xv2vFbanu5jEpYi60IKx:TQTIywi3eobgTG/2u2/wb0u5c766x
                                                                                                                                                                                                                                        MD5:8746122FDF7EFC772183F4DF2E91982A
                                                                                                                                                                                                                                        SHA1:AF4203A3D27A1E52FA9F34A050B6540514FD6435
                                                                                                                                                                                                                                        SHA-256:0BEE7E589E4CB7C5D46CE745385C3798DD5093984DD3C56AADE1E13BE6E53C42
                                                                                                                                                                                                                                        SHA-512:07E227E88B5E260919678C05DD21F650E39A180A0F952885998203931C118D7966BA1527316329E1A3BEA27EC9A415DED81F396354F55D8CABC8D1D5BABC3F73
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|.t..........." ..0.................. ........... .......................@......x.....`.....................................O.......................P(... ..........T............................................ ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........_...............................................................(....*^.(.......J...%...}....*:.(......}....*:.(......}....*...0..T........(....(....,..(...+&.(...+&.(...+&(....,..(...+&.(...+&(....,..(...+&.(...+&.(...+&*.0...........(....&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&.(...+&*".(...+&*".(...+&*".(...+&*.(....*.(....*..(....*j(.....%-.&~....(....o....*j(.....%-.&~....o ...(!...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\CliWrap.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):186448
                                                                                                                                                                                                                                        Entropy (8bit):6.958192575536949
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:4hOh6zHpz7YSkfd6kUYm4wlb6QAGcbLQpgjOHopZb7UsUDfAbmn1F8mSowR:4hJ177+9jQAVph4sUDfAbm1F8lR
                                                                                                                                                                                                                                        MD5:D0EE12CB6A6293426BEE6D95908C38C8
                                                                                                                                                                                                                                        SHA1:7A1B43AF1ED6C0F6E0A4283AC217ECFFB75357A8
                                                                                                                                                                                                                                        SHA-256:EECB149B376D21EC9D6CE3C295DAAFD7FCE36476FCE42C786813DD00AE0D4657
                                                                                                                                                                                                                                        SHA-512:92797BB40A9C11A07DEB40F73750C041CF5B471E19BABFC182208D6B5B44B6E74C89AD174A911F27E9587CD69D72A6191DB096D38EE67FA38E2C4811861D65AB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............:.... ........... ....................... ......{.....`.....................................O.......$...............P(..............p............................................ ............... ..H............text...@.... ...................... ..`.rsrc...$...........................@..@.reloc..............................@..B........................H.......0.................................................................(9...*^.(9..........%...}....*:.(9.....}....*:.(9.....}....*:.(9.....}....*....0..G.........(:...}q......}r......}s......}t......}p.....|q.....(...+..|q...(<...*..0..G.........(:...}x......}y......}z......}{......}w.....|x.....(...+..|x...(<...*..0..G.........(=...}c......}d......}e......}f......}b.....|c.....(...+..|c...(?...*..0..G.........(=...}k......}l......}m......}n......}j.....|k.....(...+..|k..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Abstractions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29264
                                                                                                                                                                                                                                        Entropy (8bit):6.5196842118788085
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Y+q+2Vv/+usFlLVyKo/9ETG/DwzzRjz69M1ZVMdWs6NWskgNyb8E9VF6IYijSJIB:Y+EF/CvyKohrqn3EpYi60izJk
                                                                                                                                                                                                                                        MD5:7C01218E99981139C044B9D2820B887C
                                                                                                                                                                                                                                        SHA1:816284B70E7B7F3756F01C887378883481428081
                                                                                                                                                                                                                                        SHA-256:D07D4472E5E80A0EBDCF2870629DD12E5EECFDD79C8BBB932BE3104135F8C77C
                                                                                                                                                                                                                                        SHA-512:BFFD5DA9B2FE6B810FC5E5E567E085545665115101E4F48E3324FF4369E35D8D55D42F4E68138E5EBE371C097E88C3801D5FFF440A57AB9C1EF8522D12F31B12
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...N............." ..0..>...........\... ...`....... ...............................;....`.................................{\..O....`...............J..P(..........d[..T............................................ ............... ..H............text....<... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............H..............@..B.................\......H........(...............W..X....Z........................................(&...*^.(&......8...%...}....*:.(&.....}....*:.(&.....}....*:.(&.....}....*:.(&.....}....**.-..(....*..s'...z.~....*...0..........(....,..*..(.....o(......&...*...................0...........(.......()...-..,..*.*.(....,.r...p......%...%...(*...*..(+...*.(....,.r...p......%...%...%...(*...*...(,...*.(....,!r...p......%...%...%...%...(*...*....(-...*..,&(....,..r...pr...p.(*...(....*..(/...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Binder.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):42576
                                                                                                                                                                                                                                        Entropy (8bit):6.4046458780485525
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:oThLeDjUB16TI1CQ12cMcFgL/l5dgEpYi60JVY:oTvB71dEcME45dp765
                                                                                                                                                                                                                                        MD5:878C629AC2EEA81E6EAD65CD6A50F5A3
                                                                                                                                                                                                                                        SHA1:35B9F1D10DAFB3025AC0413D7AA0ED0CCCFFDE6A
                                                                                                                                                                                                                                        SHA-256:E17A324E6361ED45A6E48C799B8E33349BCF41242723795CFC312B9E8E697813
                                                                                                                                                                                                                                        SHA-512:8F9C02DFD0EE383A605FB2C57652E1580BAAB1DF0422D6E9ADD9D95CC8EC698CB346413B407E39D1AE61C67CF7CD95FD71D9C2569FC192BAEB67B821D1F94D03
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f............" ..0..t.............. ........... ...............................}....`.....................................O....................~..P(..........|...T............................................ ............... ..H............text....s... ...t.................. ..`.rsrc................v..............@..@.reloc...............|..............@..B........................H.......4:...L.............8.............................................(....*^.(.......A...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...( ...*..(!...*.(....,.r...p......%...%...%...( ...*...("...*.(....,!r...p......%...%...%...%...( ...*....(#...*..,&(....,..r...pr...p.( ...($...*..(%...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.CommandLine.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25168
                                                                                                                                                                                                                                        Entropy (8bit):6.668752308927327
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JYEMITBweJkneGO3WKGW9anWsxNyb8E9VF6IYijSJIVxOStz5:lTBwa7dEtVEpYi60J
                                                                                                                                                                                                                                        MD5:A256A34CA45909D19DF819603DCB13AF
                                                                                                                                                                                                                                        SHA1:DCC715A30ED57D7EB32BBC8E1DF0CF83EE1C4CD0
                                                                                                                                                                                                                                        SHA-256:5D6A87A5C6DF09E73DF6DFBE73CE7E1D254E021FE536884C8596B32E5DB2B30A
                                                                                                                                                                                                                                        SHA-512:4967DF87A1287CB1F3C60711723F1A3E680C8EA79FDE1824A8780E17A7ED4E6C8F69D31BD9F76ABA01119115654B7C10E844FDE9C48851B37BD60D5030A64EBC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1............" ..0..0...........O... ...`....... ...............................p....`..................................O..O....`...............:..P(..........xN..T............................................ ............... ..H............text..../... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................O......H.......d&...#..........hI.......M........................................(....*^.(.......-...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....( ...*..,&(....,..r...pr...p.(....(!...*..("...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.EnvironmentVariables.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21584
                                                                                                                                                                                                                                        Entropy (8bit):6.714340321050238
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:w6jxRm3soGTeZeszQm31WUKeWstNyb8E9VF6IYijSJIVxen7fT:fj23spTeZposJEpYi60q
                                                                                                                                                                                                                                        MD5:D1A72EDF2377EF9E1AB99325DD033D40
                                                                                                                                                                                                                                        SHA1:E4B5F48A5B5E3424CCB2D127E7AD27D19893B483
                                                                                                                                                                                                                                        SHA-256:88DA1CB723C78E0FFF141534E2960F0738E4A023C3A5C1929BD66193ED22BA2C
                                                                                                                                                                                                                                        SHA-512:333812806E3B14ACCC0E3C5E86B815CEE893E3C67453B4B99FEF02855BC718DAE9FD3A2344B4B3D9BE09DDAA8B1B21F6F0F55E05DE6055A5E49FA0EF8331285C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....s............" ..0.."..........NA... ...`....... ....................................`..................................@..O....`...............,..P(...........?..T............................................ ............... ..H............text...T!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............*..............@..B................/A......H.......x#......................T?........................................(....*^.(.......$...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:.s....o....&.*V.s....%.o....o....&.*"..(...+*v.(.....~....}.....~....}....*..(......%-.&~....}......{....(....}....*2.(....(....*..(....o....r...p.{....r...p(....*..0..........(....s......o.....8.....o .......(!...t&.....o .

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.FileExtensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28240
                                                                                                                                                                                                                                        Entropy (8bit):6.599763231337247
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:tzp434gr92+liFe/5XjtCZ0UaFoSc43IXABPpBzWq66WsdNyb8E9VF6IYijSJIVF:1xk1/9jtGhScRwPpByoZEpYi608L2X
                                                                                                                                                                                                                                        MD5:8E2141AACC92F6096C9B6DA6BB5A0F33
                                                                                                                                                                                                                                        SHA1:2F702720C1C320434120E471B4329EE2143EA221
                                                                                                                                                                                                                                        SHA-256:E9F9CE42CB36557CAC26BD6D5907BB125C4678D15198700AB767E7144B0E0D18
                                                                                                                                                                                                                                        SHA-512:82E74FA668BCFAFDE8956DFECE6ED8B0DF744C506824ACCF53EC69236DB59DE23E1CA34F40358BFE39B06290C5029C0C611C7C8DBE7881C53BDDE9B72843D3FC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....."..........." ..0..<...........[... ...`....... ...............................l....`..................................[..O....`...............F..P(..........tZ..T............................................ ............... ..H............text....;... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............D..............@..B.................[......H........(...,...........U..8....Y........................................(....*^.(.......3...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...( ...*.(....,!r...p......%...%...%...%...(....*....(!...*..,&(....,..r...pr...p.(....("...*..(#...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27728
                                                                                                                                                                                                                                        Entropy (8bit):6.56193078447284
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:eXLAulT7JkcAoWovkT7jF6zOFz3Ge1l68mWka2WsGNyb8E9VF6IYijSJIVxlt0D6:aLAux7yUcT7jF6aYhSkOEpYi60J
                                                                                                                                                                                                                                        MD5:3F6FACE7733E23C3B705321A95612C3F
                                                                                                                                                                                                                                        SHA1:4093ABF818172BF36D0B174A616DDA022DE186AA
                                                                                                                                                                                                                                        SHA-256:4FFA4A98A3F5F33F727E6DAFEB252E0DFED4CEA13720346BB86B120E6E104451
                                                                                                                                                                                                                                        SHA-512:BB3F66CC0EDDCE7CE165278B1F6E9716BED87701250CEC9D086AB7E6F5FE5FBEE66BA7F60E2D3DD3C298E06F39E4D436D27B5008920DCE2BC5CCEA2EFAE4F85B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..:...........X... ...`....... ....................................`.................................SX..O....`..l............D..P(..........LW..T............................................ ............... ..H............text....8... ...:.................. ..`.rsrc...l....`.......<..............@..@.reloc...............B..............@..B.................X......H........(...)...........Q.......V........................................(....*^.(.......;...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*..............!....0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..( ...*.(....,.r...p......%...%...%...(....*...(!...*.(....,!r...p......%...%...%...%...(....*....("...*..,&(....,..r...pr...p.(....(#...*..($...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.UserSecrets.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26192
                                                                                                                                                                                                                                        Entropy (8bit):6.547720137603778
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:LMvnbB39p5YGTv9uuM1iFSF3yE1LlW9KCWsHNyb8E9VF6IYijSJIVxUaa:LKnbPplTv9uuLuVwrEpYi60k
                                                                                                                                                                                                                                        MD5:8BB0B459701F66BAE28E754B043963C3
                                                                                                                                                                                                                                        SHA1:E567DD2727E5BF3CF10A6C70891E63EE0247C41C
                                                                                                                                                                                                                                        SHA-256:895928EC2A2AF3A288444C6DA2FB1E5249F6054C553FE763CD6D73CCFECF3266
                                                                                                                                                                                                                                        SHA-512:E84CD6BC9A6DE8E00FC5FCFDB2A660AD293ED619AB0E114EF52C73520738307E23618CACC2D5E2ABB2755B5D58FF0D7A81817F5E8C34CB5E9707191C756B0192
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,.<..........." ..0..4..........bR... ...`....... ...............................:....`..................................R..O....`...............>..P(...........P..T............................................ ............... ..H............text...h2... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B................AR......H........&..$$..........(J..P...xP........................................(....*^.(.......&...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....( ...*..,&(....,..r...pr...p.(....(!...*..("...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):41040
                                                                                                                                                                                                                                        Entropy (8bit):6.409309688620981
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:m054t3ibki5TCk3jqEr0WBum6BEpYi60mh:mPtnUj/Lkm976jh
                                                                                                                                                                                                                                        MD5:373DB163844AD86DD52C7BDF925B69F1
                                                                                                                                                                                                                                        SHA1:3CF502E28A2517C712E39FF4910378411BBD2210
                                                                                                                                                                                                                                        SHA-256:D77DDA6EFD4B6F26F4D4227DA1C493DED85FB7118C05231E20E084A1A002C1B0
                                                                                                                                                                                                                                        SHA-512:91A6BE82CD1F74B603F422F00E5B51FDBC30D5DA9D34C1EE28F1C5BE188BD5D29BF6FF78DF58ADE9FEC117120A62DC1D3A55E347697F83739C29DFE3FD2DC5DF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...mq..........." ..0..n............... ........... ....................................`.................................a...O....................x..P(..........d...T............................................ ............... ..H............text....l... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B........................H.......p8...M...........................................................(#...*^.(#......A...%...}....*:.(#.....}....*:.(#.....}....*:.(#.....}....*:.(#.....}....**.-..(....*..s$...z.~....*...0..........(....,..*..(.....o%......&...*...................0...........(.......(&...-..,..*.*.(....,.r...p......%...%...('...*..((...*.(....,.r...p......%...%...%...('...*...()...*.(....,!r...p......%...%...%...%...('...*....(*...*..,&(....,..r...pr...p.('...(+...*..(,...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.Abstractions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):45136
                                                                                                                                                                                                                                        Entropy (8bit):6.257780262213066
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Zq+RszBJV7CkN9YxrIvw2DLBjYAQP0+lyJ9PPYEpYi60si5y:Zq+SSkNNjdQc+cJNp76H9
                                                                                                                                                                                                                                        MD5:46178C89C18265DAC04BB569E8AF1B32
                                                                                                                                                                                                                                        SHA1:2BF62F8A2802EC573ACDCC1847126A4BCC9D57CE
                                                                                                                                                                                                                                        SHA-256:18B49A2C97AE0A0A7D127D99BA24BB6F6B7C05BF321AC4858CD5881908CD937C
                                                                                                                                                                                                                                        SHA-512:A007F1406921F7E7C9564EACDA5DD795BA5AF736B1A1BB24652D1C1105CC78C6BDB95391EB0AD0760FF651785EC2A1B953A52DEEE70E7A0A5D5E9DA9E14A7402
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r=..........." ..0..|............... ........... ....................................`....................................O.......................P(..............T............................................ ............... ..H............text....{... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H.......<=...U..........P....... .........................................(!...*^.(!......E...%...}....*:.(!.....}....*:.(!.....}....*:.(!.....}....*:.(!.....}....**.-..(....*..s"...z.~....*...0..........(....,..*..(.....o#......&...*...................0...........(.......($...-..,..*.*.(....,.r...p......%...%...(%...*..(&...*.(....,.r...p......%...%...%...(%...*...('...*.(....,!r...p......%...%...%...%...(%...*....((...*..,&(....,..r...pr...p.(%...()...*..(*...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):85072
                                                                                                                                                                                                                                        Entropy (8bit):6.265757695793194
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:0NNgvCsvGPrpqSMo4Z9M4IIWSYe2Kbj5u6fjQ+7PMMcmnJf76hF:0MCsvGPPed5ZfjQ+rBvJf2F
                                                                                                                                                                                                                                        MD5:8F3F02B670469A026ADC32C95EE8896B
                                                                                                                                                                                                                                        SHA1:313B177A7F8FE38642D0F8AC7C417B271DFA3B45
                                                                                                                                                                                                                                        SHA-256:EF4A952ECDCF4CCBACA859D30175F3DA67BACE8A2E457BA42A70F0F95286A3A2
                                                                                                                                                                                                                                        SHA-512:C91C7D357FBA0B90376F9FB695FC95E799FF9BAB7F55CF094666FF066EF88AE468CCBBE85A822D7DD6DA268F9533279CDF884B6D04AC4F6F1D9F2DB8C8AA87F0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.)..........." ..0.............28... ...@....... ..............................7T....`..................................7..O....@...............$..P(...`.......6..T............................................ ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................8......H.......lj..............$%..0...T6........................................(&...*^.(&......s...%...}....*:.(&.....}....*:.(&.....}....*:.(&.....}....*:.(&.....}....*.~....*..0..........(....,..*..(.....o'......&...*...................0...........(.......((...-..,..*.*.(....,.r...p......%...%...()...*..(*...*.(....,.r...p......%...%...%...()...*...(+...*.(....,!r...p......%...%...%...%...()...*....(,...*..,&(....,..r...pr...p.()...(-...*..(....*.*.(....,.r...p......%...%...()..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Abstractions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23632
                                                                                                                                                                                                                                        Entropy (8bit):6.614672831994715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hVAko1Z0S/oj6ETt9EQMVSz3PMA2oWs6hWs6SNyb8E9VF6IYijSJIVxqJp3:h3m0SM3Tt90Pl73EpYi60aB
                                                                                                                                                                                                                                        MD5:EAC42065062A2A30472F196B5BA2BB5B
                                                                                                                                                                                                                                        SHA1:9FC9DBBA48A4C8924EABC0A9D4720E5036EB2233
                                                                                                                                                                                                                                        SHA-256:BFD8A444C655399ACDDF034778B162D8AEC18D896790FB7BB258D39C06C8C6AB
                                                                                                                                                                                                                                        SHA-512:8F0C4126A4C9AB728A21D5B436697500F1DCD184CAFA909EFB0A872453B2BF35D06B084DD5D2D92B0792FBF805596B6D2F6909CFE74FBD12C0D51D887E2605D9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P............" ..0..(...........G... ...`....... .............................._.....`..................................G..O....`...............4..P(...........F..T............................................ ............... ..H............text....'... ...(.................. ..`.rsrc........`.......*..............@..@.reloc...............2..............@..B.................G......H........$...............B..@....F........................................(....*^.(.......(...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Physical.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):45136
                                                                                                                                                                                                                                        Entropy (8bit):6.428795819452189
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:UxddbVKFC/2DfTMFeuzpdUTVoIEu3GzN/EpYi60Mrzp:UNxxAYFeMpdURZEu3Su76fp
                                                                                                                                                                                                                                        MD5:F449AF52D166FCA3D1FA110D7BF18EE1
                                                                                                                                                                                                                                        SHA1:AF56A8B9598A37F1A9844252B2E5177CF47F2BE4
                                                                                                                                                                                                                                        SHA-256:BF4BBD45B08C2AAFA3CBCA51443A4C8951E5530ADE33FB12CD060DC332CAB177
                                                                                                                                                                                                                                        SHA-512:00D43EE6491FBABE14EEF7323A64D6DF9B4CA0338DF428EAF12D8F287AC16E0EDB1F08BE35A4D7720F50C3841FABE1BC107A1E3AEFCBDD49F40BF774E3F8E006
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....s..........." ..0..~..........&.... ........... ...............................~....`....................................O.......p...............P(.............T............................................ ............... ..H............text...,|... ...~.................. ..`.rsrc...p...........................@..@.reloc..............................@..B........................H........;..(Y..................D.........................................("...*^.("......V...%...}....*:.(".....}....*:.(".....}....*:.(".....}....*:.(".....}....**.-..(....*..s#...z.~....*...0..........(....,..*..(.....o$......&...*.............. ....0...........(.......(%...-..,..*.*.(....,.r...p......%...%...(&...*..('...*.(....,.r...p......%...%...%...(&...*...((...*.(....,!r...p......%...%...%...%...(&...*....()...*..,&(....,..r...pr...p.(&...(*...*..(+...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileSystemGlobbing.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):47184
                                                                                                                                                                                                                                        Entropy (8bit):6.372186477195459
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:nkfEnkM0vRbJ05axPAONhO+JZIkp5ygv/MFyEpYi60xT:sEkMoRxtzIk3ygv/Mh76I
                                                                                                                                                                                                                                        MD5:450582CE35B3A02ED828AD928E0C455C
                                                                                                                                                                                                                                        SHA1:EE929973FA7577C9492D99B975FC09B1C6E65C15
                                                                                                                                                                                                                                        SHA-256:17B1A1197ADF44736D874FD2D95E33EE76BE38A97561ECDE37293B4011BD49D2
                                                                                                                                                                                                                                        SHA-512:4CC5CC3FB9016EE499E86B14F328DF078124C06B14E7FC731A10685DEF6D381BA7BFA968E1A31847A15FDA2F688558A7746B8486CA5E91BBA2376788D1D8BE95
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....*..........." ..0.................. ........... ...............................\....`.................................k...O.......H...............P(..........d...T............................................ ............... ..H............text....... ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B........................H........D...X..............H............................................($...*^.($......@...%...}....*:.($.....}....*:.($.....}....*:.($.....}....*:.($.....}....**.-..(....*..s%...z.~....*...0..........(....,..*..(.....o&......&...*...................0...........(.......('...-..,..*.*.(....,.r...p......%...%...((...*..()...*.(....,.r...p......%...%...%...((...*...(*...*.(....,!r...p......%...%...%...%...((...*....(+...*..,&(....,..r...pr...p.((...(,...*..(-...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.Abstractions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):33872
                                                                                                                                                                                                                                        Entropy (8bit):6.464430553650891
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:pup+kjcS4GAF7ItpTYbg8lAZnsboXMEpYi60n0y:pi+YoF7Itmbg82sbo176Ty
                                                                                                                                                                                                                                        MD5:70AD333E5F1E224644C269005FA2D71B
                                                                                                                                                                                                                                        SHA1:1E3FD3E37C5A4AF35E8AA9A88E0D4C6A48114EF3
                                                                                                                                                                                                                                        SHA-256:DCC3BACC8AE4841338386E897A28A3B20A1ADF7B95389152390F4A93DFD5BFDC
                                                                                                                                                                                                                                        SHA-512:8FAF111A9B55F2189A4DDC3060ED485036938E0681BF60CF2E8611CA698EB1A90DBACBB2D6729DEACBA4AB09324651B019D75638C28B035B919D41057805DBCC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Kq..........." ..0..R...........p... ........... ....................................`.................................;p..O.......8............\..P(..........0o..T............................................ ............... ..H............text....P... ...R.................. ..`.rsrc...8............T..............@..@.reloc...............Z..............@..B................op......H.......</..,<..........hk..H....n........................................(....*^.(.......I...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o ......&...*...................0...........(.......(!...-..,..*.*.(....,.r...p......%...%...("...*..(#...*.(....,.r...p......%...%...%...("...*...($...*.(....,!r...p......%...%...%...%...("...*....(%...*..,&(....,..r...pr...p.("...(&...*..('...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Hosting.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):66640
                                                                                                                                                                                                                                        Entropy (8bit):6.301325813866528
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:myK1UG8tMAv0by0P/vGCnbr1hmiBPIIk+v76U:mykl8tla/nbr1kiBx3vP
                                                                                                                                                                                                                                        MD5:FE98F581483729C0D911BD0C2342F924
                                                                                                                                                                                                                                        SHA1:EAC4DDEDAA515BC476B70CFB9CF9885FFC02D332
                                                                                                                                                                                                                                        SHA-256:945316F7746938D97B136E40F5A04EC71A88AC6D0449D2D62D472F4666848885
                                                                                                                                                                                                                                        SHA-512:BDCF12D0C8A1BAA82ECED4639890E580807D6A11FCD6E0E9CA0129B88628FF8D3A8FE26BDC7C14733B04720163BBD6511E3E759C93A091E8676F056F2E1B83B7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*t............" ..0.................. ........... .......................@......B.....`.................................i...O.......................P(... ......x...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........R..l...........X.................................................(!...*^.(!......p...%...}....*:.(!.....}....*:.(!.....}....*:.(!.....}....*:.(!.....}....**.-..(....*..s"...z.~....*...0..........(....,..*..(.....o#......&...*...................0...........(.......($...-..,..*.*.(....,.r...p......%...%...(%...*..(&...*.(....,.r...p......%...%...%...(%...*...('...*.(....,!r...p......%...%...%...%...(%...*....((...*..,&(....,..r...pr...p.(%...()...*..(*...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Http.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69712
                                                                                                                                                                                                                                        Entropy (8bit):6.223827955087223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:DsDE/e+9cxoZhNyjcMiJSAopUx+ZM76ohkz:gDE2HozNyjcf4o2MTkz
                                                                                                                                                                                                                                        MD5:6E2697DB393D6E8AA67CB5058C78F8B9
                                                                                                                                                                                                                                        SHA1:D9039790C698CF0BAAD4067AA223BC59D99B86CD
                                                                                                                                                                                                                                        SHA-256:E0133F189FC3561BA5308529E78FD212EA16F681BEC8670E51B3473567E259CF
                                                                                                                                                                                                                                        SHA-512:1CCCF23A2D5BDDD98A988FAE9B52EE84B9C7428951BA22988B21197F825EA76FECAB2C0E309272E69C1A9B226B0997E0C0A306E84DC29873B862400963A2CA10
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p............" ..0.................. ........... .......................@......:2....`.................................S...O....... ...............P(... ......`...T............................................ ............... ..H............text........ ...................... ..`.rsrc... ...........................@..@.reloc....... ......................@..B........................H........T..............`.................................................(....*..(....*^.(.......\...%...}....*:.(......}....*:.(......}....*:.(......}....*.~....*.0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...( ...*..(!...*.(....,.r...p......%...%...%...( ...*...("...*.(....,!r...p......%...%...%...%...( ...*....(#...*..,&(....,..r...pr...p.( ...($...*..(%...*.*.(....,.r...p......%...%...( ...*...(&.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Abstractions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):64080
                                                                                                                                                                                                                                        Entropy (8bit):6.288018545132408
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:k5HPh4EAiOY3m47MHUlIarqNCd4/gZaLstEQDNKTqRLtfYrxcfC8WEpYi60Yj2:k5PhAi33m3UOZsd4IZnuQDLtfjfCG76o
                                                                                                                                                                                                                                        MD5:5B798C46513ABC795D47C034F316C4D6
                                                                                                                                                                                                                                        SHA1:26550D71839DD8BD36DB8B2E20ABF3D9B42D3E77
                                                                                                                                                                                                                                        SHA-256:E265A7EB1DC1A85CC822C826D4D5691EB71F7D70FD06A4F36B6B531192A8FB6C
                                                                                                                                                                                                                                        SHA-512:F8AA5A4D125E3149EBF07ABB9A9CB0F026C35585CEAD385A8FBAA93F42502FCFE91B28B13C058C11A11A52D65C8A0A8C93C18A98A457117904CE28711EDF1D3E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S............." ..0.................. ........... .......................@............`.....................................O.......................P(... ..........T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......PO..............X.................................................()...*^.()......N...%...}....*:.().....}....*:.().....}....*:.().....}....*:.().....}....**.-..(....*..s*...z.~....*...0..........(....,..*..(.....o+......&...*..............!....0...........(.......(,...-..,..*.*.(....,.r...p......%...%...(-...*..(....*.(....,.r...p......%...%...%...(-...*...(/...*.(....,!r...p......%...%...%...%...(-...*....(0...*..,&(....,..r...pr...p.(-...(1...*..(2...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Configuration.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28240
                                                                                                                                                                                                                                        Entropy (8bit):6.540408498244601
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:b1YBj07ZyQvkBd9aocTPMuiEjYpR6K698kwgcWWxseU7RWsXNyb8E9VF6IYijSJx:54jUv6iT9jsi8HyeU7LbEpYi60lG
                                                                                                                                                                                                                                        MD5:EFF907D202C8276FAC2E40C6FB05A0B7
                                                                                                                                                                                                                                        SHA1:80B065082AF0D56757CD22192ADCCB093B56392A
                                                                                                                                                                                                                                        SHA-256:7B496A21EBE9EEEAA50D2BF4D7A8E5E4ED44A8E1EDC20E62211EC463855D2833
                                                                                                                                                                                                                                        SHA-512:A4E879E1B74E005650F72B37A6AE1D463927D647EA0869DB155C2C492B26666A44BF577A9C55FCE08834389A0C9954ECA5DC355BDBF370B3084D59F52435D090
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Oe..........." ..0..<...........Z... ...`....... ..............................m.....`.................................1Z..O....`..L............F..P(..........$Y..T............................................ ............... ..H............text....:... ...<.................. ..`.rsrc...L....`.......>..............@..@.reloc...............D..............@..B................eZ......H........&..d...........\U..H....X........................................(....*^.(.......7...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z.~....*...0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..( ...*.(....,.r...p......%...%...%...(....*...(!...*.(....,!r...p......%...%...%...%...(....*....("...*..,&(....,..r...pr...p.(....(#...*..($...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Console.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):59472
                                                                                                                                                                                                                                        Entropy (8bit):6.331423870898674
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:H7WAluzJ+Je2PS7kJFT+OUjz+Tf26auuPF1/krd6zkwQRIOIzb7E5EpYi604:bJ4V26g1YuuP/2IOef76B
                                                                                                                                                                                                                                        MD5:F871C018EF2B25D9FBDCBC6553565B56
                                                                                                                                                                                                                                        SHA1:4B9A73EB7EF4D9AE38F6C60C917D3D552142C9C4
                                                                                                                                                                                                                                        SHA-256:C632FFBE353493B69C6D1A7B3DE49B99BA53454C0BB6D550AECA01941D37BD68
                                                                                                                                                                                                                                        SHA-512:664AD86077CFE852FF74391DD22B77EBC661A1887B6BFEDB756784433E54B345CE6BFE90F321A513514005332D0D9BE1654EE4EA85337BB165688438ED3FF293
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C............." ..0.............:.... ........... ....................... ............`.....................................O.......L...............P(..............T............................................ ............... ..H............text...@.... ...................... ..`.rsrc...L...........................@..@.reloc..............................@..B........................H........H..t...........l.......d.........................................()...*^.()......a...%...}....*:.().....}....*:.().....}....*:.().....}....*:.().....}....**.-..(....*..s*...z..0..l.........~..........(+...*(,........,.r...p(-.......+.r...p(-.....,..ry..p(....-..r}..p.o/...+..+....(0...........*.0..%.........~.......3.(....-..+..%............*F................*..0..<.......r...p..(1...,..*r...p(-.....,..ry..p(....-..r}..p.o/...*.*.*.~....*..0..........(....,..*..(....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.Debug.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21072
                                                                                                                                                                                                                                        Entropy (8bit):6.656390892419785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ZzhlvlfTcbY3SCkWJOVMWskNyb8E9VF6IYijSJIVx2aJq2h:zrfTcbY+uEEpYi60T/h
                                                                                                                                                                                                                                        MD5:19104941CD113377E35CCF5135A1843D
                                                                                                                                                                                                                                        SHA1:1923E051D328975BC5EDEB6EF86FA50B1CCF6056
                                                                                                                                                                                                                                        SHA-256:889D30261A9EA753260F72BD561026685D45503849745CC8C25D5B9B3A1F3C5E
                                                                                                                                                                                                                                        SHA-512:FB365CB21D5EC578DB082D58FDFBF7F1D54F318156CB00F2BE872F1902D212B978CE36522C6C72C43D8CA471DB48EDE64378720C5A01662F1F86ACB4250E9DC7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.}..........." ..0..............=... ...@....... ....................................`.................................-=..O....@..(............*..P(...`......0<..T............................................ ............... ..H............text........ ...................... ..`.rsrc...(....@....... ..............@..@.reloc.......`.......(..............@..B................a=......H.......H"..h....................;........................................(....*^.(.......)...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z:.(......}....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*J.o....(...+(.....*..(....*.~....*.*.(....*.s.........*.~....*..(....*.*.s.........*:.(......}....*.(....*F(....,........*.*...0............(....-.*..r...p(.........o .....(!...,.*....("......(...+..r...p($

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventLog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26192
                                                                                                                                                                                                                                        Entropy (8bit):6.641194802197715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:B3WWQsE/8iqjnqHTnBdOHFgYVwOU3NW2qFWspUNyb8E9VF6IYijSJIVxUo0elF:B3hQsE/8irTnfYFr/pUEpYi601nn
                                                                                                                                                                                                                                        MD5:DB9A42C37C2014B7211C8B1ADF138D9D
                                                                                                                                                                                                                                        SHA1:5FED4CC63EA69D11A999F972D38650441023C772
                                                                                                                                                                                                                                        SHA-256:B946DB49D488535D18536DB06BE4F1CA51FF1A2D9B16C3F082F8643A2379E6FF
                                                                                                                                                                                                                                        SHA-512:E080F4543D4B940C45F5E752562626546E0AF5FD07D2C8B344B87A83D67521390368CB048A88439DE4F36C22F2D7087ABDB52CD6902C11AEEE27FEFA4E73C883
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Su..........." ..0..4...........S... ...`....... ....................................`..................................S..O....`..`............>..P(...........R..T............................................ ............... ..H............text....3... ...4.................. ..`.rsrc...`....`.......6..............@..@.reloc...............<..............@..B.................S......H........'..T*.................. R........................................(....*^.(.......5...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z:.(......}....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*v.r...p(.....o....(...+(.....*..r...p(.....r...p(.....o.....s'...(...+(.....*..r#..p(.....(....&.o.....(...+&.*..("...*.~....*.*.(....*.s.........*.~....*..("...*.*.s.........*...0..x........("....r7..p(...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35408
                                                                                                                                                                                                                                        Entropy (8bit):6.575755204796465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9oi0m9/A58Ph+mJ5fvIK0ixTryfCWo/zKeGmquanccOB30RtWW3aUWs1Nyb8E9VM:LDhbJ5nR02TQCWoJ92REpYi60Kk6
                                                                                                                                                                                                                                        MD5:3991CE21FDAF6242736D350CFF3DC68F
                                                                                                                                                                                                                                        SHA1:042C5A56BE96744D3095F9C41B6DFF7D7EE0121F
                                                                                                                                                                                                                                        SHA-256:D127E3F78779D0E387E974CE196398F92BDAF232C8CDE0FFADE87619BAD7B2F8
                                                                                                                                                                                                                                        SHA-512:3DB24ADB02EC97397FCD1125E8BCC69E27CA9456BE7082FA4C5063E1D5BC77ED435F9C8E2FA4E1D561A11FC715AF143D72228388D7295370C9DE0A0B4109FEEB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u............." ..0..X..........nw... ........... ....................................`..................................w..O....................b..P(...........v..T............................................ ............... ..H............text...tW... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B................Mw......H.......X0..8E...................u........................................("...*^.("......J...%...}....*:.(".....}....*:.(".....}....*:.(".....}....*:.(".....}....**.-..(....*..s#...z:.(".....}....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:.($.....}....*....0..+........{....oG......+......o%....o&.....X....i2.*:.($.....}....*2.{....oB...*..{....*..0..M........r...p(.....o'...~"...(...+.o'...(...+(*....o'...(...+(*....o'...(...+(*....*..($...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):48208
                                                                                                                                                                                                                                        Entropy (8bit):6.410791336032204
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:17d427HfKy1DQ+SKKKKzqPo6Zkn2qZKqLzZdd0UFxtEpYi60p7uh:17d42LfKy3SKKKKr8keqBdd0UFE76Jh
                                                                                                                                                                                                                                        MD5:9EDB59E26F2E2B161437BE30E12D1BA5
                                                                                                                                                                                                                                        SHA1:68A9538F0207FD95F538DC6BC98500B577CA4263
                                                                                                                                                                                                                                        SHA-256:79C7D9C74FDABB58C6355DDF98A842547CE8EE42E01191FB4A12BDAE8ADA5AD6
                                                                                                                                                                                                                                        SHA-512:DE2CAE46848949BE67BF1D1C96534F873C080A118ED3D059927440DCB4CD864944DF567AD63DC9804E92ED5B9AE9ACDC62D9CBE82A6319EA633568F4DF0DB1D3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H..........." ..0.............Z.... ........... ...............................M....`.....................................O.......(...............P(..............T............................................ ............... ..H............text...`.... ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B................9.......H.......\?...d...........................................................('...*^.('......W...%...}....*:.('.....}....*:.('.....}....*:.('.....}....*:.('.....}....**.-..(....*..s(...z.~....*...0..........(....,..*..(.....o)......&...*...................0...........(.......(*...-..,..*.*.(....,.r...p......%...%...(+...*..(,...*.(....,.r...p......%...%...%...(+...*...(-...*.(....,!r...p......%...%...%...%...(+...*....(....*..,&(....,..r...pr...p.(+...(/...*..(0...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.ConfigurationExtensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24144
                                                                                                                                                                                                                                        Entropy (8bit):6.629489538581648
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zy1x30dJaeTP8pBT7xe3SUDtzWzK0Ws0Nyb8E9VF6IYijSJIVx61mx4GWR:zq/eTeABdW0EpYi60a24x
                                                                                                                                                                                                                                        MD5:B79DE0C189657DC7695959CC7F723B31
                                                                                                                                                                                                                                        SHA1:B95CAE2523413CD5E98D08B6BF40CD6B1AE30BB9
                                                                                                                                                                                                                                        SHA-256:A75961BB014A0283BD150247EEC925CA0D2717E1FDF27262C421AB214278830E
                                                                                                                                                                                                                                        SHA-512:2B2F74E85682029B6D6E7F918E4CBF159E1E2D1764B04BBB57E3A83EFB38C94EA82F9EA6E3680C24F1466CEFB89F0990E792F62617EDB7D39DFB28D57393CA7D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....D3..........." ..0..,..........FK... ...`....... ..............................8x....`..................................J..O....`...............6..P(...........I..T............................................ ............... ..H............text...L+... ...,.................. ..`.rsrc........`......................@..@.reloc...............4..............@..B................%K......H.......0$.. %..................PI........................................(....*^.(.......*...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....**.-..(....*..s....z:.(......}....*..{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*:.(......}....*..{....*..{....*"..}....*...~....%-.&~..........s....%.....(...+*..r...p(.....o.....o......(...+&.*.0..P.......s ......}!.....}"....r...p(.....{!...r...p(........#...s$...o...+&.o....(...+&.*

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Options.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):61520
                                                                                                                                                                                                                                        Entropy (8bit):6.347288911250665
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Wg+uGuV+1mb5JtoNIHQs1YyH67beAn9eLfLaV7CvS4fEpYi60k7M:Wg+uGuV+1mbaqvy9OfLKMS4Y76K
                                                                                                                                                                                                                                        MD5:3D389341072F7E3007CBAF89BE2CEE07
                                                                                                                                                                                                                                        SHA1:955F0CD9BE38B30430CBE1C679B6D9F8BEE2D6F5
                                                                                                                                                                                                                                        SHA-256:CA3E34116E3425D94ABF9C11C53C64DE61A4C9B59382E31846552B7067BE2041
                                                                                                                                                                                                                                        SHA-512:1F3FBC2C7EABC68336F76136CF5FB9C8FB3C52E586B082C555CD128E0424E0A566B6CC29CC38BF5470460500D7190E13AA9ADC57D33AD53EE1AD1BF07C59A07E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....%..........." ..0.................. ........... ....................... ......G.....`.....................................O.......H...............P(..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B........................H........F.....................0.........................................('...*^.('......G...%...}....*:.('.....}....*:.('.....}....*:.('.....}....*:.('.....}....**.-..(....*..s(...z.~....*...0..........(....,..*..(.....o)......&...*...................0...........(.......(*...-..,..*.*.(....,.r...p......%...%...(+...*..(,...*.(....,.r...p......%...%...%...(+...*...(-...*.(....,!r...p......%...%...%...%...(+...*....(....*..,&(....,..r...pr...p.(+...(/...*..(0...*.*.(....,.r..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):42576
                                                                                                                                                                                                                                        Entropy (8bit):6.372478146658094
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:NKsIwjxNp8hpwVeEfHuX1QUIh3kOP7oIyWb3jec/uiCR9Crw3EpYi602p:Jd8hMfHuXbIkOP7ym3jZ/uiCRgrJ76f
                                                                                                                                                                                                                                        MD5:BD3A0337F0C30918BDC188857D425C74
                                                                                                                                                                                                                                        SHA1:872EE96948F18F238C11EE675288A7D49015AD55
                                                                                                                                                                                                                                        SHA-256:4DA12341EEA412DE444F0CB5D534FA9D3552778922D4165D47D697917EA9BEFD
                                                                                                                                                                                                                                        SHA-512:F71FBD9D25D5C560F45A41491226461F6CB842A9385071F8CDB99E8BB7264355671A06A50ABCCB1D59F8F31B32AA015897279ED8FEFBD58E7D9739DE77452C94
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...U.:..........." ..0..r............... ........... ....................................`................................./...O.......l............~..P(..........8...T............................................ ............... ..H............text....q... ...r.................. ..`.rsrc...l............t..............@..@.reloc...............|..............@..B................c.......H........:...O............................................................(-...*^.(-......G...%...}....*:.(-.....}....*:.(-.....}....*:.(-.....}....*:.(-.....}....*.~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(/...-..,..*.*.(....,.r...p......%...%...(0...*..(1...*.(....,.r...p......%...%...%...(0...*...(2...*.(....,!r...p......%...%...%...%...(0...*....(3...*..,&(....,..r...pr...p.(0...(4...*..(5...*.*.(....,.r...p......%...%...(0..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):345168
                                                                                                                                                                                                                                        Entropy (8bit):6.141653165126045
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:qpc1zjTFIfqAnI7FZVllnuJxKrSj8r2yQQLeBLPHGUdlWOAlMoBJR1TaKwQz8weR:LpTCqAn+fnw5h9hdls+IZTWc8
                                                                                                                                                                                                                                        MD5:8AD62152C774F9E5E863647986176CEC
                                                                                                                                                                                                                                        SHA1:CBFD226349772DE4A7BD1A397B9A197DA5EF17DB
                                                                                                                                                                                                                                        SHA-256:FBB92409C4C7FC62934E0EAA2B7B9D9B3FC166EEAB22100BEDDACE141A90E14C
                                                                                                                                                                                                                                        SHA-512:BAB680BAAA50CB5E828BB06FFDEA52BC0F648F206416AFC15E06B3577713950473E7D67699E20AE8A832AB90607C5CFBC10335FC98CF591C1DFA00A18023BA09
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Z............." ..0..............0... ...@....... ....................................`.................................S0..O....@..................P(...`......D/..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H...........xZ..........|...H.............................................{....*..{....*V.(......}......}....*...0..A........u2.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ..<. )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q5....5...-.&.+...5...o.....%..{.......%q6....6...-.&.+...6...o.....(....*..{....*..{....*..{....*r.(......}......}......}....*..0..Y........u7.......L.,G(.....{.....{....o....,/(.....{.....{....o....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710736
                                                                                                                                                                                                                                        Entropy (8bit):5.954096125476881
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:OFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDM6:CzMTMNNd+g5Wk78GBBjgrIQtDt
                                                                                                                                                                                                                                        MD5:0F2FCE599017F8E46AB778CE1BE8CEEC
                                                                                                                                                                                                                                        SHA1:DEE6ED88C5E2E6CD3C247A0A2C6AA2232D84AE1D
                                                                                                                                                                                                                                        SHA-256:0C99EA300932D53DBB69BE97A76BBF6249DE62F98307661747739738602EE66A
                                                                                                                                                                                                                                        SHA-512:98C517BAB3D7FA4DE0AE888137C741DC25CF48503D4610C3B7F1D9BAE948BE2054BFF708398C02688BF793F2F8F9B2A5C8A8BAD41E2CBD2DFF76384592459BAD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....)..........." ..0.............>.... ........... ....................... ............`.....................................O.......................P(..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............9............................................................(....*^.(...........%...}....*:.(......}....*:.(......}....*.(.........*....}.....(......{.....X.....}....*....0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..o....aX...X...o....2.....cY.....cY....cY..{......{...._..+&.{|..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Polly.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):285776
                                                                                                                                                                                                                                        Entropy (8bit):6.198246078607741
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5MiAQB4wmESyxV8pj06e4isQ8gsHsjb/W1DBZ7DhsNcOY:5MZpj06vUsMjbQ77D+w
                                                                                                                                                                                                                                        MD5:DE269EBB2341B2C8FBC1867929486CA3
                                                                                                                                                                                                                                        SHA1:8FFA56B29C1BF1D710EF28BB09FC1E5F61355BC7
                                                                                                                                                                                                                                        SHA-256:5E6E72C150F55DFFD43A42CF6674895734971C8EC761DE639DFBA575B82403B8
                                                                                                                                                                                                                                        SHA-512:43CF7760C7AD945277EAF9F075F3807B0222AEC4B440FDD3FCC8DECD56C74EF3E71953418ABEFA2F5C55314F397A68F20807235B09CDE5C8E36E0C3AC1AC6698
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..*...........H... ...`....... ...............................G....`..................................H..O....`..L............4..P(...........G..T............................................ ............... ..H............text....(... ...*.................. ..`.rsrc...L....`.......,..............@..@.reloc...............2..............@..B.................H......H.......Xd......................TG......................................^.{....,.(G...z..}.....*^.{....,.(G...z..}.....*"..(L...*"..(M...*...0..,.......s.......}............s9...sv....{.....(....*.0..-.......s.......}............s9....s.....{.....(....*....0..(.......s.......}............s9.....{.....(....*.0..'.......s.......}............s9...sv.....(....*B...s......(....*......(....*.0..'.......s.......}............s9...sv.....(....*F...s.......(....*....0..X.........(:...}

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Hosting.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38992
                                                                                                                                                                                                                                        Entropy (8bit):6.293140443991646
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ydfuvOXFXW/8O6bXD+eeIgLPRsnHnyhQupytM9z7O3zfXYvj8rbPH5nTLhCPsIdU:yxuJRRsnHnyhQupytM9z7O3zfXYvj8r/
                                                                                                                                                                                                                                        MD5:7375A255242837552CD21BCFF925B0A4
                                                                                                                                                                                                                                        SHA1:60EC69A8DDFD76EEE9CF8FB9CED5ED5EE899AA5A
                                                                                                                                                                                                                                        SHA-256:C83CFA4CC990CB769A7B7FEF91625D8521670465819BB462166B3BD5F938491B
                                                                                                                                                                                                                                        SHA-512:196A9FC65340A4DA2EEE47A7EE40C0061AE6681CE05EE54E476E101A4A2F806199CD78EE08707D6A9CF79B5006FF2B21226BB5FCFDFBD83805C6BAF896A038A9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..f..........Z.... ........... ....................................`.....................................O....................p..P(.............T............................................ ............... ..H............text...`e... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B................;.......H.......tF...=..................t.......................................2.o....s9...*6..s4...o....*..0..>.......sg......}......}......}.....-.r...ps....z....h...s....o....&.*...0..C.......sk......}.....-.r...ps....z.{....-.r...ps....z....l...s......(....*..0..{.......sm......}......}!.....}"....-.r...ps....z.{!...-.r...ps....z.(....u....} .....{ ...,..{"......+..}........n...s....o....&.*..0..U.......st......}(....-.r1..ps....z....u...s....(...+&.~....%-.&~......f...s....%...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Logging.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27728
                                                                                                                                                                                                                                        Entropy (8bit):6.552018898582154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:pSgpZUlMxR5I1z8w3Uta2lQBVMxzMJktYm+9HWXCYhNyb8E9VF6IYijSJIVxKtKu:pSCZUl2O1zCnXyzDeEpYi60kf
                                                                                                                                                                                                                                        MD5:1D8206B4D0D1BD662025D28CA5A46E58
                                                                                                                                                                                                                                        SHA1:88524C086E4DBD6625FACA3DD4B53B2491084111
                                                                                                                                                                                                                                        SHA-256:447D1CC45EE11F2DD755B4F54DCF3F5903429C11029FC48CEDC1B85E4F28B78D
                                                                                                                                                                                                                                        SHA-512:31A94DDAE20FD48A282A5C8DA8ED7B97D5A83DEBF6CF89AE91FE267D0095022F3CCB54EBBCA6EB85E82E57DB7521B2702FFF0BF10AF043BEE76987DCC6A35979
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....m..........." ..0..:..........vX... ...`....... ...............................}....`................................."X..O....`..h............D..P(...........W..T............................................ ............... ..H............text...|8... ...:.................. ..`.rsrc...h....`.......<..............@..@.reloc...............B..............@..B................VX......H.......H...H(...................V........................................(....*..(....*..-.r...ps....z.-.r...ps....z..s......o....*v.-.r1..ps....z...s....o.....*...0..V.......s.......}.....-.rA..ps....z.,..o......./...s....(...+&+...{.....s....(....&...(...+&.*...0...........-.rQ..ps....z.o.... ....1..{.....o....*.{.....o....t......,..*.{.....o......{..........(.....{....o.... ....3..{....o ....{......o!......,..(".....*.........U.4.........s#...}.....s$...}.....s%...}.....(

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Sinks.File.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):41552
                                                                                                                                                                                                                                        Entropy (8bit):6.317883878515866
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:+3UqoXsEgfFHoiikZ9y3BHdD+XR/tGo06BCEpYi60+:XLrgfPw3mXREaD76v
                                                                                                                                                                                                                                        MD5:142B51D1CB3F8220FE69404159703BE2
                                                                                                                                                                                                                                        SHA1:B69B8678B08F5674C533B728A895FDBE9F0E051F
                                                                                                                                                                                                                                        SHA-256:96811558375D8C94A486D0C604BB8299CBD484CBE7985600F403D5D884B1A8AA
                                                                                                                                                                                                                                        SHA-512:4BE4FB76CB05CD872B3CFD829DD08D00F5567D331479A3134A3A60AD5879DD21382CC794551E7F75C1AE85632018EF5E46AF59DF577EAF3CEA36C61F74894860
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z..........." ..0..p............... ........... ....................................`....................................O....................z..P(.............T............................................ ............... ..H............text...$n... ...p.................. ..`.rsrc................r..............@..@.reloc...............x..............@..B........................H........<...O..................X.........................................(....*^.(.......D...%...}....*:.(......}....*:.(......}....*...0..,.............................................(....*.0..*...........................................(....*...0..(.........................................(....*.0..&.......................................(....*...0..S........-.r...ps....z.-.r%..ps....z.-.r/..ps....z...s ..............................(....*..0..V........-.r...ps....z.-.rM.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):138320
                                                                                                                                                                                                                                        Entropy (8bit):6.15934663093023
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bobKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt4NO:cbKKz1UeZk/Phv8lDuPaV
                                                                                                                                                                                                                                        MD5:E465521C59C11C51738CC4174E8FCC68
                                                                                                                                                                                                                                        SHA1:C782E51D40FE696A2E4E5314CFC46A071A409BBF
                                                                                                                                                                                                                                        SHA-256:B387C5C612C559DE5EA70D873BED490CA3FBE40073E73F0EAD5E2FFD09C3642D
                                                                                                                                                                                                                                        SHA-512:F9C269801D26E67235ACD30B2655F3E5A71FA58D617D503242933E374447726A93007AE3AE97F835BB7539A9169E2EF6192815D866F1383D4EAF41CD3FD96016
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....\..........." ..0.............6.... ... ....... .......................`......k~....`.....................................O.... ..................P(...@..........T............................................ ............... ..H............text...<.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......h...0O............................................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. ... )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0..b........r...p......%..{)......%q.........-.&.+.......o2....%..{*......%q.........-.&.+.......o2....(3...*..{4...*..{5...*V.(+.....}4.....}5...*.0..;........u......,/(,....{4....{4...o-...,.(.....{5....{5...o/...*.*. .T.2 )UU.Z(,....{4...o0

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):150096
                                                                                                                                                                                                                                        Entropy (8bit):6.237726048640069
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:O0B07tjJYVNSCn+tn3nUMI000000I+49U2BL1krTe:907iSqSnkMDjy2
                                                                                                                                                                                                                                        MD5:C62817B604D61C7713A7E653F31A85A2
                                                                                                                                                                                                                                        SHA1:5076C010961D64C70E20A8E0B1264DE862F1A002
                                                                                                                                                                                                                                        SHA-256:1D4F20AB1FFD4CE57C198F8851671061E06513416FB3764607A9D63EFA693891
                                                                                                                                                                                                                                        SHA-512:4554475857586EC327EE561DACE31D83F4E328E1F4D38D5F9AA3EA15A51A46508EE19F44BE534F0D09D633B786AFF2499B7A74CEB4DCF32D2A91EFEECE829616
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....#9..........."!..0..............4... ........@.. ....................................`..................................4..W....@..............."..P(...`.......3..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................4......H...........lV............................................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(..... ...._.S...(......d.S*..0..&.........+....(....G...Z.(......X....(....2.*...0..L.........(..........(.....Z.(......(.....s....~....%-.&~..........s....%.....(...+*...0Y..5...0Y*..aY.5...aY..X* ....*V..0Y..6...aY......*.*.s.........*..(....*....0..&...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Diagnostics.EventLog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):52816
                                                                                                                                                                                                                                        Entropy (8bit):6.178562116222838
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:etgEqel7clEfRWOuDXaVIWb0TadZjirgFDrGfmAXOaYbMlHEpYi60CV:eiprEfsOuD0hhji6DrLbAg76VV
                                                                                                                                                                                                                                        MD5:B60300F33BC14227755C9DA5A088ECD4
                                                                                                                                                                                                                                        SHA1:33D67AF11511813084E18AF7239D10BE4FEABB52
                                                                                                                                                                                                                                        SHA-256:920B101208961328406331DAAF2E579FCA8F10755854BE935DC9E87F9714F39D
                                                                                                                                                                                                                                        SHA-512:61A108811E3B6E1FBDF481C6842A56836CF61F9A13A745D0108A5D222451B43BF955D9F454BDD0D66A8F1D429348415F478D30E44EC83822EAEA3F9DD1C0D377
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L..........." ..0.............Z.... ........... ..............................;.....`.....................................O.......................P(..............T............................................ ............... ..H............text...`.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................;.......H.......<5..,m..........h...0.............................................()...*:.().....}....*.~....*...0..........(....,..*..(.....o*......&...*...................0...........(.......(+...-..,..*.*.(....,.r...p......%...%...(,...*..(-...*.(....,.r...p......%...%...%...(,...*...(....*.(....,!r...p......%...%...%...%...(,...*....(/...*..,&(....,..r...pr...p.(,...(0...*..(1...*.*.(....,.r...p......%...%...(,...*...(2...*.(....,.r...p......%...%...%...(,...*....(3...*.(....,"r.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.ServiceProcess.ServiceController.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34896
                                                                                                                                                                                                                                        Entropy (8bit):6.287043525920534
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:23wGplLcGsTK/lWNVz7MW+N92D1NlteVPEpYi60w8:23wMZ1lWL7MW+N0peVo76/8
                                                                                                                                                                                                                                        MD5:4411688A6ED39CA914ADA0D5F50A9BF3
                                                                                                                                                                                                                                        SHA1:E51B3908FCF47D753E7C0D17E66EF9A9F9F6B419
                                                                                                                                                                                                                                        SHA-256:DF312456E626FDC6D1B55EE64C5764C758742F50E056CAF089FA4D90D23DA9FB
                                                                                                                                                                                                                                        SHA-512:56CC118BA445631ABE0496A716F1C5BE00AFF7C5253024AD14324AC7B1138FD17A69EAF7C43F4C39E71882A9B00AB91B7AFE9A0566352D1C5F85DCF9C98DE464
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O............" ..0..T..........6r... ........... ...................................`..................................q..O....... ............`..P(...........p..T............................................ ............... ..H............text...<R... ...T.................. ..`.rsrc... ............V..............@..@.reloc...............^..............@..B.................r......H........(..h6..........$_..8...\p........................................(....*^.(.......7...%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.~....*..0..........(....,..*..(.....o ......&...*...................0...........(.......(!...-..,..*.*.(....,.r...p......%...%...("...*..(#...*.(....,.r...p......%...%...%...("...*...($...*.(....,!r...p......%...%...%...%...("...*....(%...*..,&(....,..r...pr...p.("...(&...*..('...*.*.(....,.r...p......%...%...("..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Encodings.Web.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):71248
                                                                                                                                                                                                                                        Entropy (8bit):6.130458302613061
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:2QuedlunqpC9yYxC9P7tt08eeykGlsESo3G76+Z:F3KICHxC9ZJexRsG3GLZ
                                                                                                                                                                                                                                        MD5:6ABF45C89ECD52D20F71ACAD4D96B251
                                                                                                                                                                                                                                        SHA1:80A7AC59575BFBB85D91D0E901C65E034920BD94
                                                                                                                                                                                                                                        SHA-256:D5E5CDD64F6DEB5FE49E5C45E6EA8B9BC556E28D65D3A004C884A8AAC87F2B08
                                                                                                                                                                                                                                        SHA-512:63AAF00DBA49F94AAD54C09527163F87D2FB34CAAA6B2FE77953B58A51148E3BCC6009ADB22FA4B143D15DDF719E4BC96B94960BD27E25ED37F004F015F284DC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....n..........."!..0.................. ........@.. .......................`............`.....................................O.... ..................P(...@..........T............................................ ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H............w...........d................................................(....*^.(...........%...}....*:.(......}....*:.(......}....*^.(...........%...}....*:.(......}....*....0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(......R...(......d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(..... ...._.S...(......d.S*f..._....0X....91...X....*.~....*.0..........(....,..*..(.....o.......&...*..................~~....%-.&.....(....s....%.....*.r...p(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.Text.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):543312
                                                                                                                                                                                                                                        Entropy (8bit):5.986933648131665
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:n6+HbUMHVgQO61+5ZpvsQ60OghEusa4UQgce0x7KjF76pkLzLFEnJEIfibgPKiUX:n6aRgsgfEU4UDcxkLzJEBsgPKiUYFHPG
                                                                                                                                                                                                                                        MD5:E77BF920E2DCCB34C50D962AE8D311F9
                                                                                                                                                                                                                                        SHA1:C3A6AB1B6AFA434EC5D55E7007A32C2F1B80CE64
                                                                                                                                                                                                                                        SHA-256:713D4CDC9F120114926CD8BA6DD8F896624F1AC63C5D9EC97682C31A93F55292
                                                                                                                                                                                                                                        SHA-512:6CF00F9AA8EC9A1C6542ECFD703E554ACA8CA7A2A2BA8E91DE5F4542CACE309CA7697AED7255FCE098367215473E4F9B2B55EAF0A87A04F2C28DDBE7A7BD1166
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B............."!..0..............3... ........@.. ..............................6G....`.................................h3..S....@..............."..P(...`.......2..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................3......H...........s...........C...w..H.........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*:.(......}....*.0..&........(.......(..../.(........(....G* ....*...0..@.......(.....3'..0Yn.!.~...~...i.?_b...@jY..._.j2..*.*.(.... .........*B..... ....s....*.~....*.0..........(....,..*..(.....o.......&...*...................(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\de\Microsoft.Win32.TaskScheduler.resources.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                        Entropy (8bit):4.560006548424685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:AiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufPU1S5rxg0XWr:v1Nvb5adVl8P2djJMZJSGu3z5rxg0XWr
                                                                                                                                                                                                                                        MD5:63E9B310597AC25A1CEAA55B6F0CC9F3
                                                                                                                                                                                                                                        SHA1:0C5B170ABA511F479E593727CF7F562523EA7E8C
                                                                                                                                                                                                                                        SHA-256:96B51BB87A1F4072D10B774FFADF81AF93881900571D21FE638E10E3FB0220B8
                                                                                                                                                                                                                                        SHA-512:3BAF3836F8F42DF2D3444409115A3564B0961CD3141CC46E248E6E29A59EC773E511477D8DED4BE05125F2F45E987FD6F94AC5676C318A728B7CA63EB78E9056
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b...........!.................9... ...@....... ..............................;.....@..................................9..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................9......H........4............... ......P ........................................H.W..Q.2.<.L......H.*...W.!".5....8...}P1......#....Z.N..d.....o...P.....@G...g.g..7.w.!V_..4..7.=.G.".8%..q..G....a...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\es\Microsoft.Win32.TaskScheduler.resources.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.43329064965383
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ycWWNv/jzSEStoC1vxx6hUltfxx+BE00cUnAPq115rxg0XWr:yc1NvbGVxx6hUltfxgE00cLq5rxg0XWr
                                                                                                                                                                                                                                        MD5:94136496103CA7B4425EB6D639EEC501
                                                                                                                                                                                                                                        SHA1:AC8F3F4E7C04D4BEEFBA94004A114880662C8387
                                                                                                                                                                                                                                        SHA-256:A3A44472A3944FF0D5C31241BF6DD9B6AE04EAE03581D338B53E3E41EED7141D
                                                                                                                                                                                                                                        SHA-512:04F4614C5BCF97EC643079D50FFA800B2F89A503E02D7DA6FF97AA463993A6964833068063C5A144C7E7D44BEAF082B43EA672F66B4E831EC2CE828666C4965B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b...........!................n:... ...@....... ...............................x....@................................. :..K....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B................P:......H.......,5............... ..\...P ........................................^M...=..A'R..\N.....U.{..-.Y+........E.?.......3.....#..9.v..2q..?..L..>s.SI.....}...M..Q.=.w....(<.I...,....>^..E..J..X..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\fr\Microsoft.Win32.TaskScheduler.resources.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.581775279455886
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:R/WWNv/jzSEYtPpmKJiDjgmlRFI0HYZDKz/VPH1g5rxg0XWr:R/1NvbdKJiDjgmlRi0HYZDMa5rxg0XWr
                                                                                                                                                                                                                                        MD5:8C7822BE67F1576F2E11817826ABE40E
                                                                                                                                                                                                                                        SHA1:9B9EDD5FEE4415CB7FB09F0940BEAAFF1C107EB7
                                                                                                                                                                                                                                        SHA-256:C9A7CFE32AB4567D671A84397ABDA29CC92B21CB412CE0F0DF12352C68B7460F
                                                                                                                                                                                                                                        SHA-512:70F76DFFB3FE25F1D3550BEC3C168805AB422C6A0505DDDD21EB2A5B59F24D5F37AEDE0DBEBCF16F821868789E17A87AE61442BE6525ECA0461C0146E4E6B850
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b...........!................^;... ...@....... ....................................@..................................;..W....@.......................`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B................@;......H........6............... ..?...P ......................................S...8cY)..6. .X.YE...W.....*.......r.~@.]\.D.3.....4I...P.u.....Y2Y.n....)@.xV.#g..V.tI.&.gy8....)U..@k..n...FF..w..6.) R.;..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\it\Microsoft.Win32.TaskScheduler.resources.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.368843686720491
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:IiWWNv/jzSE5tyT1TNgr1nJIhZAf/07mPk1q5rxg0XWr:31NvbGTNgr1nJI3+07M75rxg0XWr
                                                                                                                                                                                                                                        MD5:79C01911FD90F929CCBD1D4964D2C17A
                                                                                                                                                                                                                                        SHA1:1878855F9C350B245C3258204A754770CAD776A3
                                                                                                                                                                                                                                        SHA-256:E8F0F7F9E9F2D836AAA341A39D3B395B397BAC0B88F6DDED3F159A6C8D2D74A1
                                                                                                                                                                                                                                        SHA-512:0C820224F516FE888621C09E3ED1870AC4B702AB97B1CE3CE4463445FC96F9D8798C97B6AE6ECFF1175D8D8EE8657052AF0E42D03B55340635CF9F5E65A9D6FA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b...........!.................9... ...@....... ....................................@..................................9..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B.................9......H........4............... ......P ........................................^V..d.~.R.t..i....v=.pIE\..#.}-{.u4....fIk.9.A..G....P_.S.u...w...J.AY....,.v.. ...A..."./..%.z+...".e..:.d....t.G...o................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\pl\Microsoft.Win32.TaskScheduler.resources.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.593201257102684
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:9SWWNv/jzSEYtq2dE1cxy8ON0Qsk96sPE1V5rxg0XWr:9S1NvbaG1cxy8ONHskd85rxg0XWr
                                                                                                                                                                                                                                        MD5:437252DA54AB3171BC7DE366E5494AD8
                                                                                                                                                                                                                                        SHA1:A4FCFD9240B28C836240D4CAA4C9EC8DE38F6E9F
                                                                                                                                                                                                                                        SHA-256:9BFB9826E286B55AA5A580A5C220114063871B1EA8C541DF783A73EF8E72806B
                                                                                                                                                                                                                                        SHA-512:8D56A2EF0DE3B3BF16FE4D931EE6D6A8119E4CD7B3FFA52AC3EF65CEA2A2F4C4E99ED536757546A54CD5A2318A1BA4E70E6425367402CFD06345FEA6EE8442C0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b...........!.................;... ...@....... ..............................._....@..................................:..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B.................:......H........5............... ......P .......................................4....4...L.."...J...%-..............Drc....4.....n.3Cw .r$y.4......%..5[YupFe....R..!`..#h.I..-3..kH..:~ya..P9....PD.}...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\ru\Microsoft.Win32.TaskScheduler.resources.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.84740063117937
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:AHwWWNv/jzSEfthb7O9JKggIOrCPPzm394in3fwB/CZPlN1O5rxg0XWr:AQ1NvbH7O9JKgglrCPChnYVC5E5rxg06
                                                                                                                                                                                                                                        MD5:44CC811E193FB220954A0E56AF6F7682
                                                                                                                                                                                                                                        SHA1:B1437F518F3D8E8DEAD506D7E352B69593486244
                                                                                                                                                                                                                                        SHA-256:8CDCF449550DF3F9CACD3A8A41D19D6144BB0FED630825D6118D4077F637BC35
                                                                                                                                                                                                                                        SHA-512:E3FE956494F6179D6A725ECA38FE0E0739A14300DE035093212B0169BED45374E3792EBF7DF916996923777CCB9842C04D9B954D30094D51CE81A892D8F49385
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b...........!................~=... ...@....... ....................................@.................................,=..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......(..............@..B................`=......H.......88............... ..e...P .......................................s....E..s....D6..|G....Kc....,..M......8..................}..\.bf..qe.T....w RF..B..y5fW=...N&GE(..[...._.H.....Y.c...ta..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\browser\lib\net6.0\System.Text.Encodings.Web.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):71312
                                                                                                                                                                                                                                        Entropy (8bit):6.106692533939604
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:mxuAEP6SHdOP71+KXUk/lsQDzZfOmLeSo0df9Xzlu:eEP6SHdOItSlXfNeSdf9Xxu
                                                                                                                                                                                                                                        MD5:0631D48880E7DDDDE2733C133BA486BB
                                                                                                                                                                                                                                        SHA1:08BDC5C585123FA5F3B4D670DC92CBAA7620725A
                                                                                                                                                                                                                                        SHA-256:AAD8B9A018FC4C4601EDC7C9169370EEE26628C4D90F967C947BA9A81EC4B224
                                                                                                                                                                                                                                        SHA-512:3AD9C20EF888DBD78AD99673E2242ED45006F204FE704076C7791A681849E4A5DDFA9E38862F26DB8203262536E92F1757FDB6982A9FDE1625C3825D89F08A41
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T............"!..0.................. ........@.. .......................`......B.....`.................................x...S.... ...................(...@......x...T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......,...Lx..........$d................................................(....*^.(...........%...}....*:.(......}....*:.(......}....*^.(...........%...}....*:.(......}....*....0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(......R...(......d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(..... ...._.S...(......d.S*f..._....0X....91...X....*.~....*.0..........(....,..*..(.....o.......&...*..................~~....%-.&.....(....s....%.....*.r...p(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.Messages.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):801048
                                                                                                                                                                                                                                        Entropy (8bit):1.7800450887072108
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:8qirVlWQX3WT56Os1HnhWgN7acWf53p13s5yX01k9z3Agrf8mNVf0nj:8BriQ+5kHRN76HcYR9zPrf8mrf0nj
                                                                                                                                                                                                                                        MD5:7A44C33341844DBE9C6FA526AF88E80A
                                                                                                                                                                                                                                        SHA1:0ACABD100F61A2F8B3C5E68A270599AD54EB8A39
                                                                                                                                                                                                                                        SHA-256:68F73AB17FB7F4AFF3D35EF6DB0E9D5B0FA0151111CB3D03992E23BC29D6C40A
                                                                                                                                                                                                                                        SHA-512:B81D63B345C193C6DEF17372311447D305AE167B2C4D1C2FDB0344D1E1EF5FF4F9D52599FFD862B2480825B308178737DF7E5E48C31E712339F009E92B6EAF57
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|'............" ..0.............&)... ...@....... ....................................`..................................(..O....@..l................)...`.......'..T............................................ ............... ..H............text...,.... ...................... ..`.rsrc...l....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................H'......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......`...#Blob......................3..............................................-.....-...0.....M.................R.................h.....7...........[.....x...........D...................................).....1.....9.....I... .Q.....Y.....a.....i.....q.....y...............................#.....#.....+.....3.X...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):159904
                                                                                                                                                                                                                                        Entropy (8bit):6.097873216527841
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:eXCCOOz54xuTlmyRmIazZ11Ip5ZUWISFogVJoQyaH5MbDiz:Wz5dQ/cpJISF5c8abC
                                                                                                                                                                                                                                        MD5:950CD24EA3A9EFE5CCE594A8B228AFDA
                                                                                                                                                                                                                                        SHA1:4609AC99EBD157E4C9BF7E276EEA961C4BB3AA4F
                                                                                                                                                                                                                                        SHA-256:2AF781190AB7C97D6B846D5027745D609AD227665695E8ECB3AFD4CC9FCE6537
                                                                                                                                                                                                                                        SHA-512:2E8D0DE29E62732458472B8FA5AC35C48416E6AA5034BE309F688A095E6222A215EA3318FA02358707FBB98918983F2AB8996AC6703585485533ED4975AB7E3F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,............" ..0..>...........]... ...`....... ..............................T.....`..................................]..O....`...............H...(...........\..T............................................ ............... ..H............text....=... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B.................]......H............}...........D..0....\........................................(-...*..(-...*:.(-.....}....*..j ....n_ ....n3..*. ...._ ....`*....0..w...........o.......o.................o.....o/.......o.....o/.....(0.........().....(1..............,..o2.....,..o2.....(3....*.........?Z.......0..K...........o.............o.....o/.....(0....(*....(1.............,..o2.....(3....*.........)8.......0...........(+..........*...0..g.........(...+....o.............o.....o/..............(

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.ServiceProcess.ServiceController.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):86816
                                                                                                                                                                                                                                        Entropy (8bit):6.013720216920584
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rqz3g47M9YIB/nRPP6eyO0MIq6y7suFvTbqtN0p7pqHUzH:rq3M5ftPzTLIq6y7sgytNK7p0Uz
                                                                                                                                                                                                                                        MD5:AAB8F9887FA45F30FE04472352E5AFEA
                                                                                                                                                                                                                                        SHA1:8244D05575D13E605B22538D7AE66D4805BC45C0
                                                                                                                                                                                                                                        SHA-256:7DFACED56145F3C6B80DE25A09E0DF6729149EF3C6A8F8F1B559E93B914FD2DE
                                                                                                                                                                                                                                        SHA-512:97BA85978B48324908427833374CB3C19DE01F136D29A3ADCAC350A0555B30087513CD33BB7B18F0CB52CB3E8884E0ACD1BD256704A8B96EA0C4CA8A0F8135CE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............<... ...@....... ....................................`................................./<..O....@.. ............*.. )...`...... ;..T............................................ ............... ..H............text........ ...................... ..`.rsrc... ....@....... ..............@..@.reloc.......`.......(..............@..B................c<......H.......hP..............h)..8....:........................................(&...*^.(&......K...%...}....*:.(&.....}....*:.(&.....}....*:.(&.....}....*:.(&.....}....*6.~'....((...*R.~'....((.....()...*..(*...~'...(+...-..(*....s,...(+...*.*2.{-...(....*.~q...*...0..........(....,..*..(.....o.......&...*..............$....0...........(.......(/...-..,..*.*.(....,.r...p......%...%...(0...*..(1...*.(....,.r...p......%...%...%...(0...*...(2...*.(....,!r...p......%...%...%...%...(0.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                        Entropy (8bit):4.709151479489131
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:0uWWNv/jzSEhtiBbSEmfO2mdqeCtzEc6yCPVo1L5rxg0XWr:J1NvbcbSEm22mdqet+ws5rxg0XWr
                                                                                                                                                                                                                                        MD5:90289DA899746E328816734D723C93A0
                                                                                                                                                                                                                                        SHA1:6AF8E30872729E89FE0A7C01D99DACF4AE6726CF
                                                                                                                                                                                                                                        SHA-256:2B3853CEBEA222ABB31C2B1E3D6CD19A2F6621ABB56954162751A2B592680676
                                                                                                                                                                                                                                        SHA-512:ABB6FE5216B412CD85E139D69657A40BEEBA00F2DD0DF1795AAD8CF27C13D9CE0EB2DCF3904CA445678D689CE56FA2C169ED7B40490181EA6B770B1A634A6D4B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b...........!.................8... ...@....... ....................................@..................................8..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................8......H........3............... ......P ..............................................~.Xi.....05.]..sE04.hg.'...../.K'l..a..m..Z....q..m..4&....h....le..|.Z...../.....!*............<.XV$!./..})................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                                                                                        Entropy (8bit):4.7267524338984295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:T2WWNv/jzSEhtimYtEq40uI7Sr2fqmxkNeo7R7L7c7xM757odHK9nPo21f5rxg06:a1NvbOtEq40uYSatEdHwWloA9Pb5rxgJ
                                                                                                                                                                                                                                        MD5:2356F25971B72EDBB3303AEA1BEFB9A1
                                                                                                                                                                                                                                        SHA1:60780C3E4F36829A0038BF56CD929148A0A0523C
                                                                                                                                                                                                                                        SHA-256:99C3F55737EBC53BA4EAA92FAAE23EC8AAB9149826E5D821D6BC976706BED237
                                                                                                                                                                                                                                        SHA-512:3252FE8D4A04F4EF79DB76DEB446FBA236E0B281E0B1B35488198D8A5D8EF0F4890ED68DB0E93CA17CE3783B6A6A4D71EF5F8979F917E05D4DDAC638DF082A60
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b...........!.................8... ...@....... ....................................@..................................8..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................8......H........3............... ......P ........................................u..q.:7i...g.'=......a.2j.V.:}......o.....F5.Sv....v.|...(.':KP.d._..D..s].Nx<..e........k.......P.0...h")g..N.>...@...).6...............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....G.......PADPADP..7...7....\.....`.Q......!...........:oH..S....c...........L.}..>.. 2...3...5......:...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1152141
                                                                                                                                                                                                                                        Entropy (8bit):7.9996934105504405
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:Y0MtJOalt7fQwfM+tshGvx5LBhqAc9sDQPfs8+5iaSpFiz:65Lm++hGZ5LnZMO8f+5Aiz
                                                                                                                                                                                                                                        MD5:9A9B1FD85B5F1DCD568A521399A0D057
                                                                                                                                                                                                                                        SHA1:34ED149B290A3A94260D889BA50CB286F1795FA6
                                                                                                                                                                                                                                        SHA-256:88D5A5A4A1B56963D509989B9BE1A914AFE3E9EE25C2D786328DF85DA4A7820D
                                                                                                                                                                                                                                        SHA-512:7C1259DDDFF406FDAADB236BF4C7DFB734C9DA34FD7BAD9994839772E298EBF3F19F02EB0655E773BA82702AA9175337BA4416C561DC2CB604D08E271CC74776
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-.....}BrX.j5.........-...AgentPackageADRemote/AgentPackageADRemote.exe....0........d......0.....r...,.. UMA...|f-].=.U.j..p.....r..f.<..Z..g}m..LC.T.....Y.{s\.k... Y.....4..}..h.<L......L.........z.i9.K..~.ue."#"r.r..p..0.\./R...C.w..8..-.3.t...(.c..P..N....q.v&........u.a.e...]...9....r.@.=\v..B.~{|c.j.S...JL!g..Y@Ts9D$...)P.......{..8...Y...K...Z._".@.....a.8.P..7...ZY.-D8f\..ej.....@.w.$R>Q.B.....V..@..9....zdB..x..GK.....LDp...Xc......x......*.u..R..,...#...Q,.V....}..W....oT.._6n.g..bK.p.s...pABSv0.7..'.JK ....b.Y.-.B...!'Tjsn...."V......B.@.<CQ.K....>D.5E..w.'. ._%E..-......7.M..u1nr.7....T[.%6..t...Z..Q.;./....k.V....J-.\`..d...K.c. ..D.G.j.../..z..k.KH.....!..M...8....fr.......m....2..4-... ..CF...skN*.kv.E[3."gi3.Uv..*.S...n..~...)..!V..>...D..2..b..}..xW.ZPd..X\.g...1.RY.u.]p..Z b%r.....Hc.N.+[E...Q....3.K.H.....)NQ@L......./2.v..q...*.-:%... "...`...i..+!.D..q.];.ARRrQZ.B. i...M...Qy$.....p...A.U...=...LHF%...]..l.S.pl1....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):52272
                                                                                                                                                                                                                                        Entropy (8bit):6.139785828189609
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:avB4oeg/Po2Obb95bmrpeALHpZAgEpYinAMxCC8:ruQpbHbklAp7Hxx8
                                                                                                                                                                                                                                        MD5:3180C705182447F4BCC7CE8E2820B25D
                                                                                                                                                                                                                                        SHA1:AD6486557819A33D3F29B18D92B43B11707AAE6E
                                                                                                                                                                                                                                        SHA-256:5B536EDA4BFF1FDB5B1DB4987E66DA88C6C0E1D919777623344CD064D5C9BA22
                                                                                                                                                                                                                                        SHA-512:228149E1915D8375AA93A0AFF8C5A1D3417DF41B46F5A6D9A7052715DBB93E1E0A034A63F0FAAD98D4067BCFE86EDB5EB1DDF750C341607D33931526C784EB35
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0................. ........@.. ...................................`.................................p...O.......................0(.............8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........B...s............................................................(....*.0...........(.....(.....o....(....*.0...........(.....(.....o....(...+*..(....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*.0..........s....%.o...+o....o...+&%.o...+o....o...+&%.o...+o....o...+&%.o...+o!...o...+&%.o...+o#...o...+&%.o...+o%...o...+&%.o...+o...+&%.o...+o(...o...+&%(*...%.(...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1782
                                                                                                                                                                                                                                        Entropy (8bit):5.026919218581437
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3rrb7h+1/gYo27RgdSagFsg+w3Sg+CjdgDt:7rn4cwCR
                                                                                                                                                                                                                                        MD5:13CFEB2261E4DAEAA3C06F7A60078F91
                                                                                                                                                                                                                                        SHA1:D76B6D07D8FEC75789025FBAB18048AD193B1462
                                                                                                                                                                                                                                        SHA-256:6BBDCC477F0C1EFBD0129AC7716F96CC2844103169AAEBFF03D4C8F5C54745D6
                                                                                                                                                                                                                                        SHA-512:F804155363FEB09427F7C8E968EAAA7DDA15F739769864A23C8A0FC9137151A03F02FB30B11F47A69DDCEFFF02BF933721C3757A3FB78C705D0537205BBD3A92
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.14.0.17971" newVersion="2.14.0.17971" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <d

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11
                                                                                                                                                                                                                                        Entropy (8bit):3.459431618637298
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhTLV:WFLV
                                                                                                                                                                                                                                        MD5:530F2E4E5E3DDA283DB3C78CC0C13297
                                                                                                                                                                                                                                        SHA1:CF60B778D32C9562B94411DA9DCD8FED2017AB84
                                                                                                                                                                                                                                        SHA-256:447163A4A3F1F10AFD9EC48F915085B3236F0FA7EDC9973C16925EDB5F6CF0CC
                                                                                                                                                                                                                                        SHA-512:DD4F7AF9A0F57707D1924BB504D3FC267B4898B909CF6E6ECD274BBC9B487A5CE5D8000E3FAD6EC0061E565C728455965C91F1B4E380227264AD2EE3E2990E28
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=6.0

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95792
                                                                                                                                                                                                                                        Entropy (8bit):6.184818983275012
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:GQ7brNBoXFbuhpLHbTOgemUu7+n3uRw1FlQRd5JY4t5K56y0sDrUfvPrhZwLXF7X:GQ/iwLWgeW+neRw1Hyd/YCs56y0sXUfG
                                                                                                                                                                                                                                        MD5:23C8674C75D5944445BF1C035E4A4789
                                                                                                                                                                                                                                        SHA1:A1255CEDEAC9F9A04B50C7814CD7C61A50623A19
                                                                                                                                                                                                                                        SHA-256:D2043F878740F643BF91F3EF798DBB9747904A1D503AAC4ED2108131F663AB37
                                                                                                                                                                                                                                        SHA-512:52ABA8350A05E9E5A672CB04CE528CFC4DA009247B2BD8B63096AF9A37C1F352A4C2BD12B03973AA1E733551F94F542814E425223DEF2AA33B595AA2DC555A95
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Bd.........." ..0..D...........b... ........... ...............................{....`..................................b..O.......8............N..0(..........la............................................... ............... ..H............text....B... ...D.................. ..`.rsrc...8............F..............@..@.reloc...............L..............@..B.................b......H........j..l............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tQ...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95280
                                                                                                                                                                                                                                        Entropy (8bit):6.002764283325334
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ocNQW9Tbp/VgiZi7sT5gdBxYJMcTnbJkI+eD7HxSR:ojobJVgiHMcr5Da
                                                                                                                                                                                                                                        MD5:10961147A546FFCD8B7C19771BA70198
                                                                                                                                                                                                                                        SHA1:5B63EEA0B2E53DB81AFB146D469E899E1E67DACF
                                                                                                                                                                                                                                        SHA-256:95C53735107ADCC39E6C3268335B2AD434E2364A007CC97B2147AF3A6EE837F3
                                                                                                                                                                                                                                        SHA-512:9830450FF9E8D2E6B74D8D8938A18DFB1BA008249D389FB923D5AAA25B7F8F9E5BAD4CB3FC13100C5F53B0CCEDA4E9427E90F2B733EA9BE0FFAA5D5F165C815E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&............" ..0..B..........Za... ........... ..............................~.....`..................................a..O....................L..0(..........``..8............................................ ............... ..H............text...`A... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B................9a......H.......4i..,.............................................................(......}......}.......}.......}........o?...}....*..{....*>.{....o.......*v.{....o...........s....(...+*...0..<........{....o.....{....#.......@(....o.....{......o........&.....*........55........{....o.....{....#.......@(....o.....{......o....*..0..$........(......`...%..".o......{.....o....*Z.(....r...po#...o....*..{....o2...r...p.(....(....o(...*6..(....o....*..{....*..{....*.s....z.s....z.s....z.s..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.Exceptions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16432
                                                                                                                                                                                                                                        Entropy (8bit):6.656654225594367
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:5Xh+/DtYchNyby2sE9jBF6IYiYF8pA5K+oCGUHFeFl5XqQ:5Xh+tYmNyb8E9VF6IYinAM+oCaFXF
                                                                                                                                                                                                                                        MD5:96703E15C375B8A701C9D1F5BE8C4149
                                                                                                                                                                                                                                        SHA1:B058FA32FBDA52D70C1B966640B4824D5487ADC4
                                                                                                                                                                                                                                        SHA-256:3F830FA8F22EB09D59088705E26DCE964FB430722E91630B03EB15FCC48359A0
                                                                                                                                                                                                                                        SHA-512:3D7515BBFD018BCB24C69235A65F401BCF00D6932E412696FF31DC6EDE9436B2D4E5983450C9F88AF7B52D18949B4C1EFFEB9C3F94E85DCE57C4495F21D21A86
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T............." ..0.............v,... ...@....... ....................................@.................................",..O....@..(...............0(...`......H+..8............................................ ............... ..H............text...|.... ...................... ..`.rsrc...(....@......................@..@.reloc.......`......................@..B................V,......H........ ..d...........................................................&...(....*6.r...p.(....*..(....*..(....*"..(....*. ....*.r-..p*..(....*"..(....*. ....*.r...p*..(....*"..(....*. .*..*.r...p*. ....*.rN..p*..(....*.BSJB............v2.0.50727......l.......#~......<...#Strings....D...$...#US.h.......#GUID...x.......#Blob...........G..........3......................................................................f.....F...........n.................M...........2...........Z.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):52272
                                                                                                                                                                                                                                        Entropy (8bit):6.410547751816252
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:KQMnML8f1VNPa7fb8LRaIzlRK/usybUjuUY0vZKE8tcqPqZw+I39Wu1FEpYinAM/:K9ML8LW/usybGYVE8mZw+89Wu1e7Hxas
                                                                                                                                                                                                                                        MD5:20FC2DB17D09554BBC37785B3644DFC3
                                                                                                                                                                                                                                        SHA1:AAC4CA54730DB46145748AB419CF6BE3B39D2A74
                                                                                                                                                                                                                                        SHA-256:4151D6C627A324D9F2991A4D98BB7544926DB41B3211EDC1B2085922B1D1FC46
                                                                                                                                                                                                                                        SHA-512:62F6711FD2861BEA0FC214882678CF7F98CB53E8AF858C46CCC1F5B1F2FF9C22DCBD3A184A9DE9AD2D2148F0B529426DE7F793A63A459D72D2DCB048DF4E40FD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&............." ..0.................. ........... ..............................&.....`.................................>...O.......4...............0(..........t...T............................................ ............... ..H............text........ ...................... ..`.rsrc...4...........................@..@.reloc..............................@..B................r.......H........E...s...........................................................0..........(.....o.....s........s............io........,...o.......jo....s....&.o.....P.........io ...&..i.X.P..........i(!.....i(".......(!....(#...*.........*.......0.._........($....s.......(%........i.Yo.....P......jo......s&.......io ...&(........io'.......,..o......*.........FS........((...*2.~....(....*....0...........()...,.r...ps*...z.()...,.r...ps*...z.....~....s+....s,.......o-....[o....o/...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Microsoft.ApplicationInsights.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):398896
                                                                                                                                                                                                                                        Entropy (8bit):6.13440642371392
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:hjS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/Zmvr:h+e55LgIkTmyAAfTnMLvr
                                                                                                                                                                                                                                        MD5:A79C5395D945A1A369EA05D73B1170E4
                                                                                                                                                                                                                                        SHA1:937D030106FD7E88B61E4F4D1AC28A3B9FFA0AA4
                                                                                                                                                                                                                                        SHA-256:7580F72E7059A9DBCF41C94DC69ECCA0B3A983C010DE86B9A509A701163AFEC0
                                                                                                                                                                                                                                        SHA-512:176C719C2595A6A01041EC240D5341FAC5AB6137756FD70F71A1B5C5A6E9A923FB61760808840D439CDBAB70ADFAEE137B13600875E0BC3A209E501DB84C2AAD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`.......^....`.................................v...O.... ..................0(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........P...................$.........................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. S]G. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0...........r...p......%..{)....................-.q.............-.&.+.......o2....%..{*....................-.q.............-.&.+.......o2....(3...*..{4...*..{5...*..{6...*..{7...*..(+.....}4.....}5.....}6......}7...*....0..k........u......,_(,

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\NLog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):883760
                                                                                                                                                                                                                                        Entropy (8bit):6.071525670553409
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:Y1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQm:Y1n1p9LdRN39aQZUq3
                                                                                                                                                                                                                                        MD5:022108AD251A8942E295269CA824DE07
                                                                                                                                                                                                                                        SHA1:05CE96EB21FF69C5ACE572405A39936E594B7043
                                                                                                                                                                                                                                        SHA-256:353FC27D930C31219086C6D391B0502AC298F6084DFCB3EA423DD1DAB3BA1907
                                                                                                                                                                                                                                        SHA-512:49028D3C1C7C8FAE813F294577B97EB0C66F2D62DF880072AD59679460D55A6DEB1546DDF07A7353563910E21F4D53F5FCB4BD421887D7B75429083CA200C16E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..F..........:d... ........... ....................................`..................................c..O....................T..0(.......... c..T............................................ ............... ..H............text....D... ...F.................. ..`.rsrc................H..............@..@.reloc...............R..............@..B.................d......H........%...2...........W.......b......................................"..(....*..(....*"..(....*..(....*..(....*..(....*.(....*"..(....*...0..B.......~..........(b...~....,.~.....oc......+...(......od......,..(e....*........../7......"..(....*6.(.....(....*..0..........(.......of...&.*.(....og...*2(.....oc...*....0..?.......~..........(b...~....,.~.....oc...+...(.....oh...&...,..(e....*.........,4.......0..?.......~..........(b...~....,.~....oi......+...(....oj......,..(e..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.960711597816388
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:yBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUc:yBjk38WuBcAbwoA/BkjSHXP36RMGl
                                                                                                                                                                                                                                        MD5:25879E885A79F4548FD878EAF4A82396
                                                                                                                                                                                                                                        SHA1:AFB8D0BBD5687D2FC19C7A3FB66EA3DF1886DB8C
                                                                                                                                                                                                                                        SHA-256:3DF7B27F8649C95C56F1F68A040F29FB28EFF6756F8BA78C480DFBB541E59E4A
                                                                                                                                                                                                                                        SHA-512:39EB28B89A077D37FC8076A364B26ADFD348F6DC891AC08FACCFB071D3806C32AC0A3A5D82E8D4DE01DF6F9E1C4271CCABFA8FF7248CF6886BEF8FE4BDE51B6F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ......5.....`....................................O.......................0(.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\StructureMap.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):284208
                                                                                                                                                                                                                                        Entropy (8bit):6.117274836584594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:NZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xHU:fgo0WPVTXg0
                                                                                                                                                                                                                                        MD5:66DEBCC5962642D31706EA1B067288A3
                                                                                                                                                                                                                                        SHA1:FB6A76C0E5189F66FE1D0E192349077A45BF437F
                                                                                                                                                                                                                                        SHA-256:8CBC47B453EA20F1EEA3337981A1A975A16B68B27AA156831D2B4AD0B63EA980
                                                                                                                                                                                                                                        SHA-512:5C485C7D319BA9C019FBDCA48833D3628E6D9EA6F3AABFA47A519C363BA81D11265427FD470D5D665795B010A26E751DA404DBD70895E5EAFC83CBD50D83ED2B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....7..........." ..0..$...........C... ...`....... ....................................`..................................B..O....`..D...............0(...........A..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...D....`.......&..............@..@.reloc...............,..............@..B.................B......H.......X~..x.............................................................o...+*..o...+*..(....*n.-..r...p.r...p(<...s=...z*...(.....o>...-.r...p.r)..p(<....s?...z*.0..9..........o@......+$..........(A....oB...(...+,...+...X....i2..*..(D...*....0..n.......sE.....oF......+A.......(...+,/..oG....,.rc..p..oH....oI...(J...sK...z...oL.....X....i2..oM............oN....*..(D...*...0..E........oO....+..oP......oQ......8...,......o....-....,..o.........8.....*.*...........'.......V.-.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Buffers.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22064
                                                                                                                                                                                                                                        Entropy (8bit):6.676829122620627
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Ty/fjFwUI/KQyVvKdDhG6ISDFWvYW8aoNyb8E9VF6IYinAM+oCOqXLP:TuhMaVmzDC67EpYinAMxC5
                                                                                                                                                                                                                                        MD5:C3CBDF33261AA0BAA8C11B4D713BA911
                                                                                                                                                                                                                                        SHA1:A486A2CFA6EF16B9DD005C689C767E47BF18D5A6
                                                                                                                                                                                                                                        SHA-256:0BD8B6B5D401001A2003486077BC095A2138B42DE7A52B212BD7A4AAD72A9E35
                                                                                                                                                                                                                                        SHA-512:132600340186128C7B8EA40D77DE9E5359A52949E7EE815CF959E2000A6EE178FCE26A2AAA2EBC56A48318EEAD3038189567CD5D14F9E977780373649C83F41D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$...........C... ...`....... ....................................@.................................sC..O....`..@...............0(...........A..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B.................C......H........(.. ........... @..X...xA......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*.~....*2r...p.(....*B.....(.........*..(....*R.....(...+%-.&(....*^.....(.....(...+&~..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):97328
                                                                                                                                                                                                                                        Entropy (8bit):6.241615255803021
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rNSbHB6zBedWp71O37rGMsQ5gbDnTE8iayI2Sf+Ku6JhbDEhr4WTJ7HxhP:rN3OWMsQ56vd2s+KuYc9RTJrP
                                                                                                                                                                                                                                        MD5:259DAAE7BD386F6AE1C50DEF93F9A274
                                                                                                                                                                                                                                        SHA1:70E68497781C4E7B931B11E9EFE702ECCFBC3AF7
                                                                                                                                                                                                                                        SHA-256:859758492E07C9297C1C5A0A31FA30129C23D479F442ADE01F4A51F78A0DED08
                                                                                                                                                                                                                                        SHA-512:8D25CB5982E2D8A5EFA0056C120E1BD5AEC7E28DE4DEEC9BFA2BAEBFB0FABDC4A12369F901C8415CDD3402C9A0E8F8F338C1C5E3FEB1A2C0F45ED446AB80701B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0............" ..0..J...........h... ........... ..............................d.....`..................................g..O....................T..0(...........f..T............................................ ............... ..H............text...4I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B.................h......H.......L...............<^.. ...\f........................................{'...*:.((.....}'...*..0..#........u......,.()....{'....{'...o*...*.*v ..yN )UU.Z()....{'...o+...X*....0..:........r...p......%..{'......%q.........-.&.+.......o,....(-...*..{....*:.((.....}....*....0..#........u......,.()....{.....{....o*...*.*v ..:. )UU.Z()....{....o+...X*....0..:........r-..p......%..{.......%q.........-.&.+.......o,....(-...*..{/...*..{0...*V.((.....}/.....}0...*.0..;........u......

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Memory.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):138288
                                                                                                                                                                                                                                        Entropy (8bit):6.18032959054322
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:g3XFz0qjCIPMAxlUXUKoPfw0kG71AHK7cnJ:S0qjCSRE+fw0kG71S
                                                                                                                                                                                                                                        MD5:CC3FFADF699BFB7F10A176AE306707E8
                                                                                                                                                                                                                                        SHA1:C0824E4E57FEBEF32E904E540BA369BB77ACD15A
                                                                                                                                                                                                                                        SHA-256:D48B4C4D3BED0F4662B98E557A0EDE24B6C3745E7BFFC114164A2FD33D947904
                                                                                                                                                                                                                                        SHA-512:BC648768FA54D6F9A0FB70CE88960EE2137712FD7056F8FF28D2E222871D2FFA96B97C81E21D84CD71EA336F29D28977EAB57D858B2B7D1D7C7B2B01BB455C32
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6wb.........." ..0.................. ... ....... .......................`...........@.................................?...O.... ..@...............0(...@..........8............................................ ............... ..H............text...h.... ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B................s.......H........ ..............\.......D.........................................(&...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....('...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o(....{....(X...*..(....zN........o)...s*...*.(....z.s+...*..(....zF(L....(F...s,...*.(....z.(M...s,...*.(....z.s-...*.(....z.s....*..(....zN........o)...s/...*.(....zrr...p(S....c.I...(F...s0...*.(....zBr...p(P...s0...*.(....z.s1...*.(....z.(O...s2...*.(!...z.(V...s2...*.(#...z

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17968
                                                                                                                                                                                                                                        Entropy (8bit):6.672454142602205
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Nh06sbbVVPWU2W+Nyb8E9VF6IYinAM+oCeB7f5DxmX:Ny9eEpYinAMxCA7xDxmX
                                                                                                                                                                                                                                        MD5:2BBEC1A6C6C64499CE0A4EDEA5D0C629
                                                                                                                                                                                                                                        SHA1:A1C39059B887B7A1BDF93CAB3237413D5948BE26
                                                                                                                                                                                                                                        SHA-256:D80E6D1C2A0850A2FDCA5F16A259130B08DDFE968CDC137253221CD4600D53CA
                                                                                                                                                                                                                                        SHA-512:B27639E9D30FD23461723708D4067C99AA3162FD8EF935AD5DA75776EBB46F2D11BD0FCA211BE35A195CE3020E10E063F66FDDDEAC0624392143B856DC23C174
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._...........!.................3... ...@....@.. ..............................q.....@.................................@3..K....@..................0(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p3......H........$..0...................P ......................................._.%c......=.n')...(v..:}.d...3...B...).. .:Q(....L.jt....}Xv.b7y0r.[..$.....q..c.6.....p..2..qHv/.pb.=..9.o"z.. 0P.t%H....U...0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):384543
                                                                                                                                                                                                                                        Entropy (8bit):7.999457129580227
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:6144:QCkHWMIRwZL7gsOTLQezyUyt6ywEYUxa5FDW8mWalWh6Nxjuq0xn57/EMpx4Ip7/:x4j1ZXgsO3dU61Oa3a8O50VF/R7pwvgZ
                                                                                                                                                                                                                                        MD5:3C93B399B417B0D6A232D386E65A8B46
                                                                                                                                                                                                                                        SHA1:BB26DEAE135F405229D6F76EB6FAAEB9A3C45624
                                                                                                                                                                                                                                        SHA-256:29BC4577588116CBFEA928B2587DB3D0D26254163095E7FBBCDE6E86FD0022D7
                                                                                                                                                                                                                                        SHA-512:A963F5CF2221436938F031B65079BEA7C4BAFBD48833A9E11CD9BDD1548D68ED968D9279299AA2ADFC23311A6744D516CC50E6537AA45321E5653755ED56F149
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-.....qF=Y..t.........=...AgentPackageAgentInformation/AgentPackageAgentInformation.exe....0...................$A...?..K.*...{K...>3..y..m..7.|.....l4._.>.G..............}.p.........@....q...2T_.1^|..;.V.(V.:...F|.{.oX.......>....8.]QK.r]3}..h....l.d.z......WI..dG.d..{>.CM.....9/j..a....f.qF...X.}a.t........%n.+..I..-Xa..7..d.D..0...L.K....i"..Z.....~.~....._..{p*......+v,.K..F.X.|;"..!d......So'.f.o.......^.A.........c......|315....o.oRU..#.....R..h..[.":i..+8}...E:..!.M...Th%O;.dX.qK2.....9TD...Nt.J...."..$..k..k.'&I.p ...h.d......Z.3~...]~.B...}...~.(:U....=r<)...,...+.$...i=...1I.]....4Z..'...&..R......R.sW.?../.k....USg........o.....[......U......e..V...jG.Y.....v2...ph.L..3..n.!..... ..W."...cJ./.`..Lr..l.b..'.N^@....,D.y.....i._....@....M..)u-C.R..3"....C.iV/..|..c....$_..Uj.....^.R...*5......O........6*qw..G5.+.\.1..... .X...f..H._S.....b..HY>.GJ..}.,Fj...*.!...,(.j!.Od...&.....`.[.y.1*...$...a.8.j#9.Q...y..E.S.rQ*.2O.;.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):177712
                                                                                                                                                                                                                                        Entropy (8bit):5.81549541154566
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:fDpvOyLSson7aezB53Pbsk4GJCMA1TSuAehsZ7f2lz8/ChoCby:fD4y07asBx4krGSeCZXH
                                                                                                                                                                                                                                        MD5:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                        SHA1:F135BE75C721AF2D5291CB463CBC22A32467084A
                                                                                                                                                                                                                                        SHA-256:36704967877E4117405BDE5EC30BEAF31E7492166714F3FFB2CEB262BF2FB571
                                                                                                                                                                                                                                        SHA-512:BD654388202CB5090C860A7229950B1184620746F4C584AB864EADE831168BC7FAE0B5E59B90165B1A9E4BA2BD154F235749718AE2DF35D3DD10403092185ED1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.........."...0................. ........@.. ....................................`.....................................O.......................0(..........X................................................ ............... ..H............text...0.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H...................,....................................................0..........r...p... .....r...p.(.....o......(.....o......(.....o...........s......[o .....s!...%.o".......o#.....s$..........s%...%......io&...%o'.....o(.......o)...o).....(*...*..0..........r...p... .....r...p.(.....o......(.....o.......(+..........s......[o .....s!...%.o".......o,.......s-..........s%......i.l.....%......io........o)...o)...(.........o/...*..(0...*..{....*"..}....*..{....*"..}....*..{.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):546
                                                                                                                                                                                                                                        Entropy (8bit):5.048902065665432
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:MMHdG3VSQg9LNFF7ap+5v5OXrRf/2//FicYo4xm:JdASPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                        MD5:158FB7D9323C6CE69D4FCE11486A40A1
                                                                                                                                                                                                                                        SHA1:29AB26F5728F6BA6F0E5636BF47149BD9851F532
                                                                                                                                                                                                                                        SHA-256:5E38EF232F42F9B0474F8CE937A478200F7A8926B90E45CB375FFDA339EC3C21
                                                                                                                                                                                                                                        SHA-512:7EEFCC5E65AB4110655E71BC282587E88242C15292D9C670885F0DAAE30FA19A4B059390EB8E934607B8B14105E3E25D7C5C1B926B6F93BDD40CBD284AAA3CEB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>...<supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12
                                                                                                                                                                                                                                        Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhWRn:WY
                                                                                                                                                                                                                                        MD5:DC63026E80D2BB04F71E41916F807E33
                                                                                                                                                                                                                                        SHA1:6CDA386D2C365F94EA3DE41E2390FD916622EB51
                                                                                                                                                                                                                                        SHA-256:3B54D00F00AA80384DE88E4F4005E9D4D889A2CCF64B56E0C29D274352495C85
                                                                                                                                                                                                                                        SHA-512:61DA550EFD55187978872F5D8E88164A6181A11C8A720684EAA737E0846FE20B9E82B73E1F689A6585834B84C4CEE8DD949AF43E76FD0158F6CAFA704AB25183
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=37.9

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):96816
                                                                                                                                                                                                                                        Entropy (8bit):6.180547422449922
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:vJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxw0h:vQUm2H5KTfOLgxFJjE50vksVUfPvC1h
                                                                                                                                                                                                                                        MD5:9D8B5941EA5B905E8197A175EF2B15A9
                                                                                                                                                                                                                                        SHA1:86A078E94B5578EC4125F50F78C8518A8CE1D086
                                                                                                                                                                                                                                        SHA-256:C6F05B647DBADC15AB97D31790FC8ACE054986EC33E9178FEEAD4235AD15CB0D
                                                                                                                                                                                                                                        SHA-512:FAB5FE82873862CE8ED1A427482093CCA307F6663E9F6497FDC244CE461312872D419FF274CDCA0C496414C28681901F335C9911B95D2A7C112D30E32D74E498
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0.d.........." ..0..H..........zf... ........... ...............................C....`.................................(f..O.......8............R..0(...........d............................................... ............... ..H............text....F... ...H.................. ..`.rsrc...8............J..............@..@.reloc...............P..............@..B................\f......H........k..D............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tR...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):704560
                                                                                                                                                                                                                                        Entropy (8bit):5.954116173285503
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:i9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc33:i8m657w6ZBLmkitKqBCjC0PDgM5H
                                                                                                                                                                                                                                        MD5:BA66874C510645C1FB5FE74F85B32E98
                                                                                                                                                                                                                                        SHA1:E33C7E6991A25CC40D9E0DCC260B5A27F4A34E6C
                                                                                                                                                                                                                                        SHA-256:12D64550CB536A067D8AFFF42864836F6D41566E18F46D3CA92CB68726BDD4E9
                                                                                                                                                                                                                                        SHA-512:44E8CAA916AB98DA36AF02B84AC944FBF0A65C80B0ADBDC1A087F8ED3EFF71C750FB6116F2C12034F9F9B429D6915DB8F88511B79507CC4D063BAB40C4EAA568
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ...............................E....`.....................................O.......................0(.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........{...,..................d.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{^....3...{]......(....,...{]...*..{_.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\dynamicfieldscaching.cch

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):4.664337599372335
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:hsShKC+4MsShLP6SX9NfzyShaKf0OWqGShaKf0Od:M4qBX9Nf1Wqd
                                                                                                                                                                                                                                        MD5:2B27824A323F8014A850FC5D25A09EFF
                                                                                                                                                                                                                                        SHA1:D65FB5407E0640131F672F0C2754D59C5A268780
                                                                                                                                                                                                                                        SHA-256:8B694287A9BBAB08F5DA642DF1AC1C811FD1F99FD7F4CEB443B83C54A5E687E5
                                                                                                                                                                                                                                        SHA-512:77945981F7AEEF139A346DFED1EC053776150CF4987071AE0B7DCCA0DA1702926BCFEDFAB3D89C64A5C5867E392DC8CD7ED232FF8EDB05E9DCE7CEC902371E05
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................TAgentPackageAgentInformation, Version=37.9.0.0, Culture=neutral, PublicKeyToken=null.....6AgentPackageAgentInformation.Cache.CachedDynamicFields.....<DynamicFields>k__BackingField.<Timestamp>k__BackingField..JAgentPackageAgentInformation.Api.Information.CustomField.DynamicFieldDto[]..............M..R...H...............HAgentPackageAgentInformation.Api.Information.CustomField.DynamicFieldDto................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\information.cch

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35
                                                                                                                                                                                                                                        Entropy (8bit):3.8570165880026575
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:cGTIKOQjj:cGkf8j
                                                                                                                                                                                                                                        MD5:426731859123BAEF26EFBFE66F83D286
                                                                                                                                                                                                                                        SHA1:C57A36C4D539A0493ADCBC500363A880EBF6E65D
                                                                                                                                                                                                                                        SHA-256:F26315170F944FE624EC2010C6B59469567590E72C055A0C3D5B54E6D744BF57
                                                                                                                                                                                                                                        SHA-512:FCD59A617253AAB77F77239D49ECBB13BF25E0D3DA30B6A6AF68975F95BCD3544E21889C726FE500ABAC574D5D5B1482C882B363BBD51F9AE243837E3E266A22
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.CE4E84446980E9A3A0C52637F44C5D3A

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\update.cch

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35
                                                                                                                                                                                                                                        Entropy (8bit):3.8861465882499107
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:1SiWgLNR:IiWCR
                                                                                                                                                                                                                                        MD5:E72C3ABAE38B7E08ECBA06285A0AD28B
                                                                                                                                                                                                                                        SHA1:C03CD285CFB0BBA7E54DC0ADAE239B46B2274261
                                                                                                                                                                                                                                        SHA-256:325857691F11316854BBD39873EEE89D971384984DDA801BDCC59F08C07B45CA
                                                                                                                                                                                                                                        SHA-512:6F3703CD369DE07A96D46535ABE2528F1C22823903FD0CA650BFA5F61D3A63D64363B59AE072DDF4AC03EE2AA7B7355671DF2725BCE57349D1FF552E099F346B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.ECA830C1543EEA5896618FECF968B0B4

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):328916
                                                                                                                                                                                                                                        Entropy (8bit):7.999290842463468
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:6144:EQjapzpRU64iYUQf9N4E/xWTUugwXWBoJW55fJKsff+Idm3lqd0LNIN/Hggh:EUaBXU5BjfcE5WTkwGRfQY+Om3lqdv5
                                                                                                                                                                                                                                        MD5:D3901E62166E9C42864FE3062CB4D8D5
                                                                                                                                                                                                                                        SHA1:C9C19EEC0FA04514F2F8B20F075D8F31B78BAE70
                                                                                                                                                                                                                                        SHA-256:DBC0E52E6DE93A0567A61C7B1E86DAA51FBEF725A4A31EEF4C9BBFF86F43671C
                                                                                                                                                                                                                                        SHA-512:AE33E57759E573773B9BB79944B09251F0DC4E07CDB8F373EC06963ABFC1E6A6326DF7F3B5FECF90BD2B060E3CB5A48B913B745CC853AC32D2558A8651C76111
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-.....'gqX............/...AgentPackageHeartbeat/AgentPackageHeartbeat.exe....0l.......?........F0..6\.q.......<.......I.3. &.;.........O.;d.&.U....".' ..}P..u+0.`g.Z..Zq,...w.1./..UD....F.a...B=.....!.. .=... .#7A.Q..o.........+q.C5 . 1..Ud...R>n..Y.9}>z.....yE7.}!sn....p1(e.....}T#>2/..y*7.@.<..J..q......3.4....M..."/"..cS....9pT.dn.:c...&..,H.e.....r...X#...m...V..ZP......+.h.R. .8.......!7FNa.`.P;.......P~..U.x.K.D8.&.vQ!..xn..~cNG.2._L.},..........:.J...S.y..-J...K.z.H.....z.G.6....d.b.[..9......Q.r.T........#..+..b6<...p.}......!.5.&l.E..4.F8..Y...."/.b.....................(.......b..&.6...t..%.(A..X{....H4....[.....}.......n0.:.......s..wQ.&.J\|j.....7=b+.L.t.l.0.{G.Jb.Jy.U.kG.....p-...^..g.4..RA.R..........~..5t4_...Z...h..J..........t...C3....{K.h...F..W$...U....-55....Hi.......m...............x..........)...F.p....r,}}L...i:q.Y.O....`L......yY...N..J]....T..~_|.Bh..p.w%0.H.%D...p..RM`..e....TJk..(..\.%......4..N.<..^..k/_..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27696
                                                                                                                                                                                                                                        Entropy (8bit):6.448893455648887
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:TndoS4jOhWCHDIJNQnt96+aTkdMEdcG7UhZPWU1Nyb8E9VF6IYinAM+oC8Z1KTm:Td0SkSeIUhrREpYinAMxCm
                                                                                                                                                                                                                                        MD5:797C9554EC56FD72EBB3F6F6BEF67FB5
                                                                                                                                                                                                                                        SHA1:40AF8F7E72222BA9EC2EA2DD1E42FF51DC2EB1BB
                                                                                                                                                                                                                                        SHA-256:7138B6BEDA7A3F640871E232D93B4307065AB3CD9CFAC1BD7964A6BEC9E60F49
                                                                                                                                                                                                                                        SHA-512:4F461A8A25DA59F47CED0C0DBF59318DDB30C21758037E22BBAA3B03D08FF769BFD1BFC7F43F0E020DF8AE4668355AB4B9E42950DCA25435C2DD3E9A341C4A08
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O............"...0..8...........V... ...`....@.. ....................................`..................................V..O....`..P............D..0(...........U..8............................................ ............... ..H............text....6... ...8.................. ..`.rsrc...P....`.......:..............@..@.reloc...............B..............@..B.................V......H.......t-..x(......2.....................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. .... )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*.rW..p*.r...p*F.(....r...p( ...*.r...p*.r...p*..(....*.rM..p*.r...p

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):542
                                                                                                                                                                                                                                        Entropy (8bit):5.041389931890446
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:MMHdGGsVZrdSJ9LNFF7ap+5v5OXrRf/2//FicYo4xT:JdArdEtPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                        MD5:547C772B1DEA0A1E8030F6ED5BE2AF75
                                                                                                                                                                                                                                        SHA1:6F4A95B2EA3342D7B4D61C715C7FC076EB6A2DC0
                                                                                                                                                                                                                                        SHA-256:C35A8B8AF7ECCB9BA68B129FF7F46EB1279229D637049F40761A697E9DFCD5A4
                                                                                                                                                                                                                                        SHA-512:0F77B35AC34C8E4655F7F1F4EBF1A86AA11F96C689E632DA8BE8A17CC69A9292878E0058DD9EA5FF7315DCDD8B34489F06E6DCBB365569E3BB80E81373792FC0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                        Entropy (8bit):3.5465935642949384
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhUv:Wm
                                                                                                                                                                                                                                        MD5:27AD88A291FC97D97FD773334DE4E487
                                                                                                                                                                                                                                        SHA1:04B5DB46F05E02E2EC94B8A0A3447EA41FA4089D
                                                                                                                                                                                                                                        SHA-256:4E7F8923223CB32E5D376EBC0C5361DD97DB201848590C4877D586723142B49F
                                                                                                                                                                                                                                        SHA-512:5B21A87E19D4E3D7A14DC05C815B8D06500695360AAD1F54D2D3713CF05F646E9E7D559551BFE2CC2CDEBCE29A1991BC80AB2B11DDF79A4033897B34DCA40521
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=17.14

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):93232
                                                                                                                                                                                                                                        Entropy (8bit):6.196023578677744
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:5Svbne0Q41qJ3n8JMW+0KcBLQhZV5M+5Nn0komH7yAfRS7Hxh:5S8UMW+BV5M+5Nn0kom/RSz
                                                                                                                                                                                                                                        MD5:BD539D820C8163E9E86E59B99ADEDD22
                                                                                                                                                                                                                                        SHA1:FF367525BA06F8B9E611A82CFD57411BA4FBD1FE
                                                                                                                                                                                                                                        SHA-256:04C547E06CA956DB2B929CC2B6B695A649FF0F82C52E56F2677A887E7D9616DE
                                                                                                                                                                                                                                        SHA-512:FEBB46D70A5466C85087BD4E42FBA81682CF398739F7EFEF43982C830CCFD6FCEC4613F0B5542951A463161C891EE9F378CD4D2B15B1659DCBC0E15A34BA677F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c.........." ..0..:..........^X... ...`....... ...............................F....`..................................X..O....`..8............D..0(...........V............................................... ............... ..H............text...d8... ...:.................. ..`.rsrc...8....`.......<..............@..@.reloc...............B..............@..B................@X......H.......|f..X............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tM...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.960415778826794
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:fBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUs:fBA/ZTvQD0XY0AJBSjRlXP36RMGx
                                                                                                                                                                                                                                        MD5:3DDA2732842FCAEEA0477F18D85CB584
                                                                                                                                                                                                                                        SHA1:D70016DF3F407CFE1BE6ACF63CC80A2B40F8212B
                                                                                                                                                                                                                                        SHA-256:EF3F8313AD94CFB9C2E8C95B54433F112918A0542C341763B19C0B2C6914A71D
                                                                                                                                                                                                                                        SHA-512:3403842EA1DF9F314EFF6E78F36F215A4E371B01B1C83345B7745737FABB092BDCFE63F78A29FB5FAD14825DA1C7AC286CC8BCA02B0FC3056620FE268D4FE6F9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ......Ee....`.....................................O.......................0(.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):833993
                                                                                                                                                                                                                                        Entropy (8bit):7.999644881255343
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:peRqTiLR3omp/AAzr5nxL2CP+sZ4tgMfQo:p8nLR4WYA72CPPoKo
                                                                                                                                                                                                                                        MD5:9B1F97A41BFB95F148868B49460D9D04
                                                                                                                                                                                                                                        SHA1:768031D5E877E347A249DFDEAB7C725DF941324B
                                                                                                                                                                                                                                        SHA-256:09491858D849212847E4718D6CC8F2B1BC3CAA671CEB165CF522290B960262E4
                                                                                                                                                                                                                                        SHA-512:9C8929A78CB459F519ACE48DB494D710EFD588A19A7DBEA84F46D02563CC9615DB8AA78A020F08ECA6FA2B99473D15C8192A513B4DF8073AEF595040D8962AE4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-.....;9rX.9..........9...AgentPackageInternalPoller/AgentPackageInternalPoller.exe....0Z.......U........ee..Th8.............t.v.g....g......M.........c..K.`|.'1.W.g.;.W+.e.....D.."|...]-:.To.:.`B(.E{.T.?..z...&.....g.....1.,km8.....Y......WZm;..!.....k.....iA...~.zK..EW'.....p.A....Q6.~S......A.......6....h=C3N0y.$i....M...N....C......I.....UCp.p....x..WQ!.p..>.'N%.2Z.l.R8./...%Ew..T..yy.....q...U.nqH......".......n.6M..P.:t...t1..r...!9Z.N.X.s8.3.9V.a...m8....LpWS..O.8..R6..O.l....e|(..F...Og.h.0..,..Z.H....Rl..L.N.9.\...."4..%..A.<."..Iy...:..GBw_1......3.y.p...a...*...l..._.FI.Z.....+.L.....]Y.K|RM.Pf..in.........93+2.QMH.t......<...3.. ....2..!....t..)).I\.qw1.'..J...J3".K'rt.h.f+.I.7...q.MK......V.._!Q.].w..au.[.brv.T&..Lfm./..J.$.m...... t.u..uQ...L...\...M.Ihp.rG.J..C".....d.....;z..d....L.p.r.c7....q[2.e.........!(....Ld.....M..9...M....>EN&dY.]....>QUJ..N.+d.cr..].D.o.........?o.~@....@..D[...5.C.eP.a.....;..:.._v.....R

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):219696
                                                                                                                                                                                                                                        Entropy (8bit):5.943430076853408
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:It3Mf3ZwYUPEpbPwygJQetg0+BpU3I0toxhGf:2MfJPpjYN8hI
                                                                                                                                                                                                                                        MD5:01807774F043028EC29982A62FA75941
                                                                                                                                                                                                                                        SHA1:AFC25CF6A7A90F908C0A77F2519744F75B3140D4
                                                                                                                                                                                                                                        SHA-256:9D4727352BF6D1CCA9CBA16953EBD1BE360B9DF570FD7BA022172780179C251E
                                                                                                                                                                                                                                        SHA-512:33BD2B21DB275DC8411DA6A1C78EFFA6F43B34AFD2F57959E2931AA966EDEA46C78D7B11729955879889CBE8B81A8E3FB9D3F7E4988E3B7F309CBD1037E0DC02
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{..e.........."...0..&..........:D... ...`....@.. ..............................h)....`..................................C..O....`..d............2..0(...........B............................................... ............... ..H............text....$... ...&.................. ..`.rsrc...d....`.......(..............@..@.reloc...............0..............@..B.................D......H........@..$.......f.....................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ...x )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*..{....*..{ ...*..{!...*r.(......}......} .....}!...*..0..Y........u........L.,G(.....{.....{....o....,/(.....{ ....{ ...o....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):541
                                                                                                                                                                                                                                        Entropy (8bit):5.097123194334321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:MMHdGp2VvOF9LNFF7ap+5v5OXrRf/2//FicYo4xT:JdsIOvPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                        MD5:D0EFB0A6D260DBE5D8C91D94B77D7ACD
                                                                                                                                                                                                                                        SHA1:E33A8C642D2A4B3AF77E0C79671EAB5200A45613
                                                                                                                                                                                                                                        SHA-256:7D38534766A52326A04972A47CACA9C05E95169725D59AB4A995F8A498678102
                                                                                                                                                                                                                                        SHA-512:A3F1CFF570201B8944780CF475B58969332C6AF9BEA0A6231E59443B05FC96DF06A005FF05F78954DBE2FEC42DA207F6D26025AA558D0A30A36F0DF23A44A35C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12
                                                                                                                                                                                                                                        Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhXWp:WBc
                                                                                                                                                                                                                                        MD5:DFDD2EB77BBB74518BAD98519A857D41
                                                                                                                                                                                                                                        SHA1:5F4F91D73EA620CDF0E5AC458E80B71412B1BB9F
                                                                                                                                                                                                                                        SHA-256:7655078305CC5B4F62569EF9868E1B04FCC491D33FDAD1F8E4610C038BCBAC8D
                                                                                                                                                                                                                                        SHA-512:481CDA97C03294EBAB036F99727828983C8D0E4C137AF05FDEA7FD296D11378904BACCE2D58D44F932A0BF7F2A30A9B44F4CBC05E253F132B1EF641F648C8DF0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=23.8

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):52272
                                                                                                                                                                                                                                        Entropy (8bit):6.300719339270839
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:5i8fXCGsSVh/2ixXxKFArYCJdshn9xvlOaEpYinAMxCuMr:5FaM2gS1y2F9Ob7HxCr
                                                                                                                                                                                                                                        MD5:9467F653980C1C37E4C64811BA27C976
                                                                                                                                                                                                                                        SHA1:68130FABBB50EAF5CFE2C355BA13B303DD373FB6
                                                                                                                                                                                                                                        SHA-256:821847799A2B7B3A6EC20BA61388AC87707D9C6865BD904A44DE5B033BD2EF29
                                                                                                                                                                                                                                        SHA-512:E72B7802256053589D889B2B7E74A2B53F328289A12CC0D4930D66410D00585C67B2C434512473CD2E74C8F2CB7685C2C34FCFC3DBA4A52399532CEB04153597
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ..............................t.....`.................................2...O.......................0(..........@...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................f.......H...........x.............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{ ...*"..} ...*..{!...*"..}!...*..{"...*"..}"...*..{#...*"..}#...*..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):96816
                                                                                                                                                                                                                                        Entropy (8bit):6.1801131806578455
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:hJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxwx:hQUm2H5KTfOLgxFJjE50vksVUfPvCI
                                                                                                                                                                                                                                        MD5:F1B2303DD7E152BA70F3537EDB2E9638
                                                                                                                                                                                                                                        SHA1:7E359D4B9011449DABB7F8236F14851A346B5028
                                                                                                                                                                                                                                        SHA-256:8EE8B304339B6F87E79B117F605375AFFFCBABA290A1B41BB6B3C1A40E46767C
                                                                                                                                                                                                                                        SHA-512:A4DD48F1AFF528DADF9974ADA1740CE785823FB584F55191D008158FCFB11F9ADAD8EFF992B8FF761058706C1717E28FBC9C337CF39D4EE4FFAA529501CB3188
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0.d.........." ..0..H..........zf... ........... ..............................l.....`.................................(f..O.......8............R..0(...........d............................................... ............... ..H............text....F... ...H.................. ..`.rsrc...8............J..............@..@.reloc...............P..............@..B................\f......H........k..D............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tR...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LastSyncDevicesTime.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19
                                                                                                                                                                                                                                        Entropy (8bit):3.326360407952695
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:XuC:XuC
                                                                                                                                                                                                                                        MD5:941A75534D096C8E2BD8653163B92D53
                                                                                                                                                                                                                                        SHA1:3895366805B78A1578E035033B257DBEAA0A4C5A
                                                                                                                                                                                                                                        SHA-256:2E6E3FF8C11DA263958F535A98426F1BC4FCD4607AFFE1E3D0214B4D845511B7
                                                                                                                                                                                                                                        SHA-512:540C21BF981E8B5C0369E8272CE66FDCCB2B83429F9DCF7DCB9D8F0990C76A6EDC61BA7521DD0AACFF0E9FDF28F26ACAD2DF62326CE72845F634F463F7EC72AF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:08/11/2024 07:39:27

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):499760
                                                                                                                                                                                                                                        Entropy (8bit):6.056862695710082
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:HXv781Hpx+GfCdLr/jd9yyeEAHweiPofdyz7qd352SW8CdykAfqO:/76BfC5avfdyvc2SN
                                                                                                                                                                                                                                        MD5:3CE7E73DB6F575A0D382DDAA8E1A3C10
                                                                                                                                                                                                                                        SHA1:031C13652C540CA7F798D141D7C3333FB1C71618
                                                                                                                                                                                                                                        SHA-256:692185C37DB7505250E58CC55D6707FCB099315A7FF319A9CC92FD99C5F0EEA7
                                                                                                                                                                                                                                        SHA-512:5270E772613864BD223F31F89CFA500E56E7863967C58C503F92E193AF8C8CAF934B7755868EC21585A38E8D6D186A2DC5528A805A62A0BFA56B59E6506BFF81
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,..........." ..0..p............... ........... ....................................`.................................?...O....................x..0(..........t...T............................................ ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B................s.......H.......(d...(...........................................................{J...*..{K...*V.(L.....}J.....}K...*...0..A........u;.......4.,/(M....{J....{J...oN...,.(O....{K....{K...oP...*.*.*. 8..z )UU.Z(M....{J...oQ...X )UU.Z(O....{K...oR...X*...0..b........r...p......%..{J......%q>....>...-.&.+...>...oS....%..{K......%q?....?...-.&.+...?...oS....(T...*2.(U...oV...*..-.rE..psW...z.(U....oX...oV...*:...(....(Y...*:...(....(Y...*N..{Z....o...+(Y...*z.{[....{Z....{\....s]...(^...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.960733432365752
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:bBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUk:bBjk38WuBcAbwoA/BkjSHXP36RMGt
                                                                                                                                                                                                                                        MD5:2A9525F27730CBF9E7145AADE4CDA830
                                                                                                                                                                                                                                        SHA1:A6A99E02599656DE1C7F51B02C84BBA8AAE0346D
                                                                                                                                                                                                                                        SHA-256:29D0073080509DB7F3F20C47980A1347CC4139C5F2E26C9C160AE67CE5EECB6E
                                                                                                                                                                                                                                        SHA-512:DDDEEC7AA9D3F9E6187718564AE1A447FCAB12EC2DCBD26EDD87217B4815C274A6BAF90A027766FCC94815C762ED9BFA8D0DEF6C1B2F84279DED9C66852D381E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ...... .....`....................................O.......................0(.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):277040
                                                                                                                                                                                                                                        Entropy (8bit):6.190626027944278
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:rSOIleacQlBh2YQMoIBhpq01TLvlj9b6gRZNsRYA:suQlBAMW0BvltxZ6B
                                                                                                                                                                                                                                        MD5:4ECF017FD71CC84A4CBAB7507B8634BE
                                                                                                                                                                                                                                        SHA1:2343F37490F9A11F5F0878A1553F0FAF504FE062
                                                                                                                                                                                                                                        SHA-256:871D9403D045F94FC433907E49B68894764FCAF81E12FBDE2AC7A08642DDA32C
                                                                                                                                                                                                                                        SHA-512:5FCB9BDA9C857BA1AD2EC0B19AD109AC54BAC91B8F8F00968560623C8AFD01FAEE1078F7C76010C7526A37C46EE0DB74A0E0DB151186F8FB220105F7091FA69B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............'... ...@....... ..............................>.....@..................................&..O....@..L...............0(...`.......%..T............................................ ............... ..H............text........ ...................... ..`.rsrc...L....@......................@..@.reloc.......`......................@..B.................&......H.......L[......................`%......................................^.{....,.(:...z..}.....*^.{....,.(:...z..}.....*"..(?...*"..(@...*...0..,.......sp......}........q...s7...sj....{.....(....*.0..-.......sr......}........s...s7....ss....{.....(....*....0..(.......st......}........u...s7.....{.....(....*.0..'.......sv......}........w...s7...sj.....(....*B...ss.....(....*......(....*.0..'.......sx......}........y...s7...sj.....(....*F...ss......(....*....0..Z..........}....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):149552
                                                                                                                                                                                                                                        Entropy (8bit):6.059724018456156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:o/S+nps5/3oat9QrwQmUgs0giOBDQntBBGBBKBUkBBXBBgBBFBUABU1BB0BBBBgB:o/S+nps5/3f9Qrdd5EtBBGBBKBUkBBXh
                                                                                                                                                                                                                                        MD5:2FF31980FD256EF1B1E143D4699BB727
                                                                                                                                                                                                                                        SHA1:608A21DA2B243E63DAD9E36EE84BC38C921F8E77
                                                                                                                                                                                                                                        SHA-256:F34AD6FB7847A85ADBE1492C783233A8A32BB5E96972FA3738538CE20513F682
                                                                                                                                                                                                                                        SHA-512:2FEF83A7668D190297863592FBBC8E766042067138C3A163771CDCF1FB284BC8162EA6B7B958CB076B6AB654216B855324AE292F78931C47EDC33B52376943AD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:.R..........." ..0..............3... ...@....... ...............................5....`..................................2..O....@............... ..0(...`.......1..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......H....1..................81.......................................0..S........-.r...ps!...zs".....o#.....g...%.. .o$......+......(%...,...o&.....X....i2..o'...*..0...........-.r...ps!...zs".....s(.....~o...%-.&~n.........s)...%.o...(...+o+....+X.o,.....(-...-.r...pr...ps....z..o/...&.o0....3(.o1... ....(2.....(3...,....o&.....o4....o5...-....,..o6.....o0...,.rK..pr...ps....z.o'...*.......F.d.......z.-.r...ps!...z.(7....-. o8...*..0..U........-.r...ps!...zs9........+ ..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27184
                                                                                                                                                                                                                                        Entropy (8bit):6.334370226233819
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Bn1VM0JrpNWDcIh6leOiDFIFBYp1+/EpYinAMxCw:BnvXYcIh6yFIFBYpc47Hxn
                                                                                                                                                                                                                                        MD5:A964D6B5F323E343E884A1E4EBBA21A3
                                                                                                                                                                                                                                        SHA1:41FEA32C2FCC56070CF904AB441019F963C83ED5
                                                                                                                                                                                                                                        SHA-256:0214D2C78CC1DBE92853305FA12119BBE09EA06B5EB9C4B4E7AD76B6FAF232ED
                                                                                                                                                                                                                                        SHA-512:3E93C094D3B9D77BAE9C1725B452743FDFA0A20EB07FFC50EA861C501821710A2C29197CF43DCEC1BF089A5BC9B8F2BF57F9FD0EC8D9805D00E32538D03CD46C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Ub.X.........." ..0..8...........W... ...`....... ....................................@.................................dW..O....`...............B..0(..........,V............................................... ............... ..H............text....7... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................W......H.......4%..p/...........T.......U......................................r~....-.(....s.........~....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*2r...p.(....*......(....*2(.....(....*^~....-.(.........~....*..0..........~..........(

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73264
                                                                                                                                                                                                                                        Entropy (8bit):5.955083228632948
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:R784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRX:R7N1r9KGI04CCARLX
                                                                                                                                                                                                                                        MD5:FA432B69828C0F175E44B367AF91ED2D
                                                                                                                                                                                                                                        SHA1:C0E72D5C64E9B560311EBD1EC3A35CED46386C78
                                                                                                                                                                                                                                        SHA-256:6718AFA55EF89805B69360C9E88347A39CC302AB3C16590E78136C20DB025613
                                                                                                                                                                                                                                        SHA-512:E0C54D9126C557C24013486A31D5477EFF2B800ADAE472C3103EE1F1CD527546E6DCEFB19D5DCE602AEE6DA7A0290F413CE2C6C09DF28D4333C4E62510FE2064
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0.................. ... ....... .......................`............@.....................................O.... ..P...............0(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H.......$...h...........................................................6..o.........*f..o...........o.........*...o...........o...........o.........*...o...........o ..........o!...........o"........*...o#..........o$..........o%...........o&...........o'........*....0..L.........o(..........o)..........o*...........o+...........o,...........o-........*.0..Y.........o...........o/..........o0...........o1...........o2...........o3...........o4.... ...*....0..k.........o5....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\log.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):639
                                                                                                                                                                                                                                        Entropy (8bit):4.8584020726349175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:X3DIytXEVL3DIy6XEOMrDaLo4ECuZDjqQg2mvjr62su5r62suN4g2/:H1tXQ1Ws4E8QaLT5TOr
                                                                                                                                                                                                                                        MD5:D2E7E08356A97FA4396C5AD618CAFBE7
                                                                                                                                                                                                                                        SHA1:4E793D3E46EC62AD77CAA9375EAC5F33C7D40981
                                                                                                                                                                                                                                        SHA-256:91951B16B3F1F03AC2310596B82DBD19A169F418D124F951E7F1C238408DA976
                                                                                                                                                                                                                                        SHA-512:A44A6278B9621BF8BBA877347C131E6358C906D91E633DC7BD86B03E430500C95E5F70960DD335F9E1EFD62D5B7E311018E51207D0E5239F042A38CE14AB818C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:08/11/2024 07:39:22 In Program static constructor, before instantiating _logger08/11/2024 07:39:22 In Program static constructor, after instantiating _logger without using _logger08/11/2024 07:39:23 Starting Main(), logging without using _logger..08/11/2024 07:39:23.691 am: Info: Before PollAll() call written at: 08/11/2024 07:39:23..08/11/2024 07:39:27.706 am: Info: In PollAll() before Poller.PollAll(false) written at: 08/11/2024 07:39:27..08/11/2024 07:39:27.722 am: Info: In PollAll() after Poller.PollAll(false) written at: 08/11/2024 07:39:27..08/11/2024 07:39:27.722 am: Info: After PollAll() call written at: 08/11/2024 07:39:27

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1246506
                                                                                                                                                                                                                                        Entropy (8bit):7.999702247108497
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:Ony3ipTOpSfZauTZ0OH58yGrxiVj3WqHvYfUmanGGJFE:OnaSOpGoud0OHGliZWqH3bn/E
                                                                                                                                                                                                                                        MD5:E74D2A16DA1DDB7F9C54F72B8A25897C
                                                                                                                                                                                                                                        SHA1:32379AF2DC1C1CB998DC81270B7D6BE054F7C1A0
                                                                                                                                                                                                                                        SHA-256:A0C2F9479B5E3DA9D7A213EBC59F1DD983881F4FC47A646FFC0A191E07966F46
                                                                                                                                                                                                                                        SHA-512:52B8DE90DC9CA41388EDC9AE637D5B4CE5C872538C87CC3E7D45EDCF8EFF78B0F5743AB4927490ABDA1CFF38F2A19983B7CCC0FE3F854B0EACCA9C9CE28EDA75
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-.....=O(Y..>.........3...AgentPackageMarketplace/AgentPackageMarketplace.exe....0.......>N......V.^.'....l....f.u*-Dl._.>.u.S.Pl-6.;...].#.S.X..7./...."...Z.....M.$`.,..{....v...B.Q.M7.j4.'.C.G`<s.X.%.....,...<bdR....N....!.$J@.k...55....>1..(P&..-.#p.NwuV=Wb...a....-....q.!.s.LH..(...:..#7...L.7.$6.C.uy....&I.r..e...,w0o.....`.....[.{cg=]..IBiQq.`.X.D.h.......G./..NA.....46....w.....b9rp.J.C*.2.F.....G...~..q.x....u......l..I..b..z..w..v.d!./..U.Y^..J..k<kUo:.n:.W......g$..<.X.>....rQ.5JiJ.+..|.p......C......o/...K......T.....+9..z.."..Yd.f..&.B..QWu.-.@...c4.T.^...#.E...v...B..\.x0..{..."|.a.?.y.......-..W.........8nk.).$sf.2].c>...`....=...0..$.bp...Oh....8x.-.%N/...w.........i....a.QX0.k..k..f..D.vl.f.Q..3....]....$.4..k..y.../...'...a..C.x...@..".8....9...;..&j..G#f......).....l......Y..7.c....PJ...X...^)s[...{.......Jr.Q..+....N.F.I...%OS...=.......5......i....h..(....r..T-ir.=.+.'..'.......r...[..J...l.P....[.q...,.To..h.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):37936
                                                                                                                                                                                                                                        Entropy (8bit):6.42035670242574
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:GlK72yzFcoUzzxYeHTxwx6/ufD/EpYinAMxCoG:3e9YeHVwYe47Hx6
                                                                                                                                                                                                                                        MD5:EFB4712C8713CB05EB7FE7D87A83A55A
                                                                                                                                                                                                                                        SHA1:C94D106BBA77AECF88540807DA89349B50EA5AE7
                                                                                                                                                                                                                                        SHA-256:30271D8A49C2547AB63A80BC170F42E9F240CF359A844B10BC91340444678E75
                                                                                                                                                                                                                                        SHA-512:3594955AD79A07F75C697229B0DE30C60C2C7372B5A94186A705159A25D2E233E398B9E2DC846B8B47E295DCDDD1765A8287B13456C0A3B3C4E296409A428EF8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!............."...0..`............... ........@.. ..............................P.....`.................................Q...O....................l..0(...........~..8............................................ ............... ..H............text...._... ...`.................. ..`.rsrc................b..............@..@.reloc...............j..............@..B........................H....... 5...I...........................................................0..H........(......}......}......~D...%-.&~C.....j...s....%.D...(...+}.......}....*.0.._........{....-.r...ps....z.{....o.....i./2.{....r+..pr...p.{....o....(....(....o.............{....o........:...%.. ..o...........i.0..+......{.....o....-2.{....r...pr...p.{....o....(....(....o............{.....o.....o....o .....-.....ws....%.{....o!...o"...%.{....o#...o$...%.o.......E...{....%-.&.+.(....%-.&.+..(...+

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1295
                                                                                                                                                                                                                                        Entropy (8bit):5.018953579697613
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdArdEtPF7NhOXrRH2/BLVv+13vH2/nVQ7uH2/FV0PH2/+w39y:3Ar+z7O7Rgdp+1/gnSagFsg+w3w
                                                                                                                                                                                                                                        MD5:843D2196B96E53ABCAE6F4C243D1A7A6
                                                                                                                                                                                                                                        SHA1:EB28441616660FD53653999595A3309961AA9A54
                                                                                                                                                                                                                                        SHA-256:175C1EBF4B5C56563944E65C9E8AE4595730155D69854499DB638E82E16DF056
                                                                                                                                                                                                                                        SHA-512:2C24DA122963E1BF533FD8A5C841C9BCD86442E0E49D3BE379FBB21AA607FDC6C7D30BA5573615416D55538429652BF1108D88EC8267FDC5D8C8F9ECAF11D0A1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.9.1.0" newVersion="2.9.1.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11
                                                                                                                                                                                                                                        Entropy (8bit):3.459431618637298
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhUnn:Wu
                                                                                                                                                                                                                                        MD5:5EDA46A55C61B07029E7202F8CF1781C
                                                                                                                                                                                                                                        SHA1:862EE76FC1E20A9CC7BC1920309AA67DE42F22D0
                                                                                                                                                                                                                                        SHA-256:12BF7EB46CB4CB90FAE054C798B8FD527F42A5EFC8D7833BB4F68414E2383442
                                                                                                                                                                                                                                        SHA-512:4CF17D20064BE9475E45D5F46B4A3400CDB8180E5E375ECAC8145D18B34C8FCA24432A06AEEC937F5BEDC7C176F4EE29F4978530BE20EDBD7FED38966FE989D6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=1.6

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):102448
                                                                                                                                                                                                                                        Entropy (8bit):6.190700491174632
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:hPAt6+FT+ZGodV5iYbYSWd85e+ZS5sSak42QhLks2OL87HxBg:h2bYbYSWd85I5sSakFQhHL8/g
                                                                                                                                                                                                                                        MD5:266A4736FE6DFEADBC40C66AF39D3871
                                                                                                                                                                                                                                        SHA1:D090E63810691F78F760E55640B81958BC715183
                                                                                                                                                                                                                                        SHA-256:4D6091013BF285AF05D901BA130E86D8CEFDB4E387540C3814929C1277C2DDF8
                                                                                                                                                                                                                                        SHA-512:AB43966CEFC08A8FE9B7A1787948F55A73B243CA6DE7259FD42E5BD4ABAE61D562C9642770708BA38AB6118D3755741529ED51E7DB2A8A811BE8B876F2922A8B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5*f.........." ..0..^...........}... ........... ....................................`.................................`}..O.......8............h..0(..........(|............................................... ............... ..H............text....]... ...^.................. ..`.rsrc...8............`..............@..@.reloc...............f..............@..B.................}......H........s..|............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tR...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95280
                                                                                                                                                                                                                                        Entropy (8bit):5.998846079851237
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:GiLY8I1pq2jBTn9kbf0KNGVIYMcoS1JkEX5g7Hxlv:LZ0PMcjrgv
                                                                                                                                                                                                                                        MD5:C6339BD38794C9EB831004955DE64D16
                                                                                                                                                                                                                                        SHA1:EAE04876F94347538735F853B7F14778CB75180F
                                                                                                                                                                                                                                        SHA-256:855D0323807390D8F499355D0030685FBD6DC6939218A15059CB3E9C744AB1A4
                                                                                                                                                                                                                                        SHA-512:F62F76F305285F1C206AEFB8418E48BD2074DEC768C16986353305F34D17524E9A9AEA29AAE11B0D927247161F21039933B3EA68F2BC7F40623B471E123B33F7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..B..........R`... ........... ...............................+....`.................................._..O....................L..0(..........(_..8............................................ ............... ..H............text...X@... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B................3`......H........h................................................................(......}......}.......}.......}........o=...}....*..{....*>.{....o.......*v.{....o...........s....(...+*...0..<........{....o.....{....#.......@(....o.....{......o........&.....*........55........{....o.....{....#.......@(....o.....{......o....*..0..$........(......`...%..".o......{.....o....*Z.(....r...po!...o....*..{....o0...r...p.(....(....o&...*6..(....o....*..{....*..{....*.s....z.s....z.s....z.s..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.Utils.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51760
                                                                                                                                                                                                                                        Entropy (8bit):6.408406581403349
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:hQMnMYnUFMSptE7C+t2RO3neZN8752vwzE8Kku6ZFMLcyMmEpYinAMxCl5E:h9MYn1seLE8JFMLcyMH7Hx+E
                                                                                                                                                                                                                                        MD5:7F8418A330DA75F653CC1A50F0B91175
                                                                                                                                                                                                                                        SHA1:7448DCCCDB8FBB1CC827FFE4861C7BD529EE85F5
                                                                                                                                                                                                                                        SHA-256:BF780EB84424039CAB84C818D21A402369EC1BDC9136E1CDBB60486343A07723
                                                                                                                                                                                                                                        SHA-512:3CAC7066B3F210D826383CA000CDC581C0CA193800C97F2F34C6139BB4880A12A485604344EF22BADFD4609F2A0E7645E81DECFA8C5BF8C6DF4406BFEE6DBFDA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............r.... ........... ....................................`.....................................O.......4...............0(..........4...T............................................ ............... ..H............text...x.... ...................... ..`.rsrc...4...........................@..@.reloc..............................@..B................R.......H.......XE...q...........................................................0..........(.....o.....s........s............io........,...o.......jo....s....&.o.....O.........io ...&..i.X.O..........i(!.....i(".......(!....(#...*.........*.......0.._........($....s.......(%........i.Yo.....O......jo......s&.......io ...&(........io'.......,..o......*.........FS........((...*2.~....(....*....0...........()...,.r...ps*...z.()...,.r...ps*...z.....~....s+....s,.......o-....[o....o/...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Microsoft.ApplicationInsights.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):354352
                                                                                                                                                                                                                                        Entropy (8bit):6.1536791121281995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:4r/iEF3zTxesPlx5zIAUH+2n8G4smIkuxhnCq7a/ZmvYyD:4hpp9xxIBeXGfvYyD
                                                                                                                                                                                                                                        MD5:697D8BC281B58B1FCEEC721B9BC01059
                                                                                                                                                                                                                                        SHA1:DA468B41FDADE096896B6835645DEFF110F438F5
                                                                                                                                                                                                                                        SHA-256:82C4EFE948B812C844DE4950130C292CDC49EDA42F447E17DE6CC451A1F5135E
                                                                                                                                                                                                                                        SHA-512:95877A2E690E083B256F71E376BE757FA0D329A6AAEC193461D325C63867BCE9E72A648EDB17A8817198C5224853541C65F664A6FFB966AE35D9E558F681EF46
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j.Y..........." ..0..8..........nW... ...`....... ...................................`..................................W..O....`...............@..0(..........HV..8............................................ ............... ..H............text....7... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............>..............@..B................OW......H.......`...ht...................U........................................{*...*..{+...*V.(,.....}*.....}+...*...0..;........u......,/(-....{*....{*...o....,.(/....{+....{+...o0...*.*. S]G. )UU.Z(-....{*...o1...X )UU.Z(/....{+...o2...X*.0...........r...p......%..{*....................-.q.............-.&.+.......o3....%..{+....................-.q.............-.&.+.......o3....(4...*..{5...*..{6...*..{7...*..{8...*..(,.....}5.....}6.....}7......}8...*....0..k........u......,_(-

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\NLog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):883760
                                                                                                                                                                                                                                        Entropy (8bit):6.071511091364285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:m1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQ0:m1n1p9LdRN39aQZUq1
                                                                                                                                                                                                                                        MD5:1A5AE803BFFDEBA6B4D9825233D1C23C
                                                                                                                                                                                                                                        SHA1:E324D9B2F417F46FE3364658429B620BC5942322
                                                                                                                                                                                                                                        SHA-256:2BED7E5890D572E41770C422C25CF11F0D3C2D170C5F38F8EB1535E1A3E614C6
                                                                                                                                                                                                                                        SHA-512:D8DCB1E227AD001A2F43C9847E0A22D43DBE7021814AB88DBD168092A3C172D17CB69848F743166E755DB771B55025664C0E53580B9E48252B1581AD281E332A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..F..........:d... ........... ...............................q....`..................................c..O....................T..0(.......... c..T............................................ ............... ..H............text....D... ...F.................. ..`.rsrc................H..............@..@.reloc...............R..............@..B.................d......H........%...2...........W.......b......................................"..(....*..(....*"..(....*..(....*..(....*..(....*.(....*"..(....*...0..B.......~..........(b...~....,.~.....oc......+...(......od......,..(e....*........../7......"..(....*6.(.....(....*..0..........(.......of...&.*.(....og...*2(.....oc...*....0..?.......~..........(b...~....,.~.....oc...+...(.....oh...&...,..(e....*.........,4.......0..?.......~..........(b...~....,.~....oi......+...(....oj......,..(e..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):702512
                                                                                                                                                                                                                                        Entropy (8bit):5.943194897994663
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:3f9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH3:vXNL2PVh6B+BzjmcX
                                                                                                                                                                                                                                        MD5:F78DB2C6B247E0FFC215A44AE88178D8
                                                                                                                                                                                                                                        SHA1:12FB14AE1CF731115F07076AD939A2ACC57A9920
                                                                                                                                                                                                                                        SHA-256:1DFF434970F52326AA5E0C1164AB76A771A1EE651E37166DF8A3BC3F06204746
                                                                                                                                                                                                                                        SHA-512:AF3F67FA56CA89111E389DE17F9030D979827E8B60AF86E991115B07759D6DADA1B74ED870B5163474192BF58A5FA69EBFB03DFCF087EB88E1E72EC26BB578CB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ....................................`.....................................O.......................0(..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........z..<&..................<.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{[....3...{Z......(....,...{Z...*..{\.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Polly.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):285744
                                                                                                                                                                                                                                        Entropy (8bit):6.190004154231823
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:uZAWecOmop6I4A9YzsRuBeXirS9/pcRykxxNKKV6S8mSrpsPngH:uZeZ6ANRIru9/pcMkoKV64SrWA
                                                                                                                                                                                                                                        MD5:2CD03F275D3BB90B106632F203DCAF64
                                                                                                                                                                                                                                        SHA1:025C716D6B123FA03DC9F97D4BF77D4AF20B75AE
                                                                                                                                                                                                                                        SHA-256:B90619EBE88644BDA995505BDE5D5E282403E27FF7A55E273CC2FF9ACC88300A
                                                                                                                                                                                                                                        SHA-512:321660D33F6126077D4DC04AFBB341B9D46D07E2B38CF45F1C7B2C8B60A58A3F008390EE6F8B6995BECF4B0EADF66C9263D4BE67C8269F9A0851207650B9632D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....O..........." ..0..*...........H... ...`....... ....................................`..................................H..O....`..L............4..0(...........G..T............................................ ............... ..H............text....(... ...*.................. ..`.rsrc...L....`.......,..............@..@.reloc...............2..............@..B.................H......H.......Hd......................LG......................................^.{....,.(F...z..}.....*^.{....,.(F...z..}.....*"..(K...*"..(L...*...0..,.......s.......}............s9...sv....{.....(....*.0..-.......s.......}............s9....s.....{.....(....*....0..(.......s.......}............s9.....{.....(....*.0..'.......s.......}............s9...sv.....(....*B...s......(....*......(....*.0..'.......s.......}............s9...sv.....(....*F...s.......(....*....0..X.........(:...}

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\StructureMap.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):284208
                                                                                                                                                                                                                                        Entropy (8bit):6.117448325022863
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:/ZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xH9:Bgo0WPVTXgd
                                                                                                                                                                                                                                        MD5:BF59A9BBF620C0F06ED79180C868FCE0
                                                                                                                                                                                                                                        SHA1:2E8F9EF7A105A951790344A3B9ADC61DB35ABAAD
                                                                                                                                                                                                                                        SHA-256:CEBDB552DAC9E136F87E37A461B7683934F00AA2A74FBA15BC53ADFA38F1B79E
                                                                                                                                                                                                                                        SHA-512:C472376BD7A0E532CB8FDDA7ADDB00FB973D30F97368460929E8352C16BCB17EA92264C81E1E1E084566172ECE3D1513073D24B01990A808335D0C040039C6D3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....7..........." ..0..$...........C... ...`....... ..............................\.....`..................................B..O....`..D...............0(...........A..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...D....`.......&..............@..@.reloc...............,..............@..B.................B......H.......X~..x.............................................................o...+*..o...+*..(....*n.-..r...p.r...p(<...s=...z*...(.....o>...-.r...p.r)..p(<....s?...z*.0..9..........o@......+$..........(A....oB...(...+,...+...X....i2..*..(D...*....0..n.......sE.....oF......+A.......(...+,/..oG....,.rc..p..oH....oI...(J...sK...z...oL.....X....i2..oM............oN....*..(D...*...0..E........oO....+..oP......oQ......8...,......o....-....,..o.........8.....*.*...........'.......V.-.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Buffers.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22064
                                                                                                                                                                                                                                        Entropy (8bit):6.678227546122444
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Xy/fjFwUI/KQyVvKdDhG6ISDFWvYW8aoNyb8E9VF6IYinAM+oCOqq/dW:XuhMaVmzDC67EpYinAMxCwk
                                                                                                                                                                                                                                        MD5:181F16CCEBD4B02ACE42A02CC536ACA9
                                                                                                                                                                                                                                        SHA1:84795DA0255E288C96AC64F1C8150E81E0289FFD
                                                                                                                                                                                                                                        SHA-256:80582DBDE89A6D9906721AD27562C7B2BEDE7048E4D461828D3BA2C4438E58E9
                                                                                                                                                                                                                                        SHA-512:73F93A3F4538FCE421A453B5A90AC662CC58D5A846AFECB8E337F33A1D643A81C8D02F5F3AECAE4CF00828A3103C63614F086E92ABD262317B13CF608784D72A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$...........C... ...`....... ....................................@.................................sC..O....`..@...............0(...........A..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B.................C......H........(.. ........... @..X...xA......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*.~....*2r...p.(....*B.....(.........*..(....*R.....(...+%-.&(....*^.....(.....(...+&~..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51760
                                                                                                                                                                                                                                        Entropy (8bit):6.235108733243218
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:bzpj9H0/bvvmNAkkOMo/23e3vggrkrD9Bxjpm2yuIFLlHTUpa/hDXEpYinAMxCWC:bzpjF0/t043e3vggr83jMYa/hU7HxVJU
                                                                                                                                                                                                                                        MD5:30BD9DF0841299E8FA11340B83A441B0
                                                                                                                                                                                                                                        SHA1:36447785062CB3DFDF9A1E03548EFD348760458F
                                                                                                                                                                                                                                        SHA-256:801BB92AA7A8840148FE548ECE4B7291C0E4FA73712FE2497074C925ECC906B9
                                                                                                                                                                                                                                        SHA-512:830B821EE5BF401A6B95662EE191FC8BF08BF64D4D8BFBDB0E142D303AB241C41C4134883C0851B4D5DAF49F598454CE33595787C7084B4F9504794D9B07E54B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.................. ........... ....................................@.................................X...O.......................0(.......... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........J...g..........p...0.............................................{!...*:.(".....}!...*..0..#........u......,.(#....{!....{!...o$...*.*v ..yN )UU.Z(#....{!...o%...X*....0..M........r...p......%..{!....................-.q.............-.&.+.......o&....('...*..{(...*:.(".....}(...*.0..#........u......,.(#....{(....{(...o$...*.*v ..:. )UU.Z(#....{(...o%...X*....0..M........r-..p......%..{(....................-.q.............-.&.+.......o&....('...*..{)...*..{*...*V.("...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Memory.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):138288
                                                                                                                                                                                                                                        Entropy (8bit):6.179673461309118
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:MP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8Ily:Mh0qjC5RMOHO420kN1Z
                                                                                                                                                                                                                                        MD5:37C069A058DC803C83C43DF6681907DA
                                                                                                                                                                                                                                        SHA1:ED522080452C472560A74F4B979BDC5CFE1643E7
                                                                                                                                                                                                                                        SHA-256:9CD89ED91343ABF19DEF9EE1809AC28765EB3D63E5597583D3D183156D8B3C62
                                                                                                                                                                                                                                        SHA-512:1F38E4153FBFF9C996C3348A325AC3E9B43118D97F5E51B1099D09C61BFC4D772ADE110603D479403317AD76AD42F494E55A58E278F825EFBFA6E1ABEE246929
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`......!.....@.................................3...O.... ..0...............0(...@..........8............................................ ............... ..H............text...\.... ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B................g.......H........ ..............P.......8.........................................(&...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....('...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o(....{....(X...*..(....zN........o)...s*...*.(....z.s+...*..(....zF(L....(F...s,...*.(....z.(M...s,...*.(....z.s-...*.(....z.s....*..(....zN........o)...s/...*.(....zrr...p(S....c.I...(F...s0...*.(....zBr...p(P...s0...*.(....z.s1...*.(....z.(O...s2...*.(!...z.(V...s2...*.(#...z

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17968
                                                                                                                                                                                                                                        Entropy (8bit):6.674524887219165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Hh06sbbVVPWU2W+Nyb8E9VF6IYinAM+oCeBr882HW:Hy9eEpYinAMxCAT2HW
                                                                                                                                                                                                                                        MD5:3D126403FBA7BC6FAC6E6ABF5FCE09E8
                                                                                                                                                                                                                                        SHA1:70B60D649EB174C109C0A6DC873444473D956694
                                                                                                                                                                                                                                        SHA-256:D2B815734C2683E7759DEEA3019FCD2B19F5B879CFA3BA02620619DBCAF73E38
                                                                                                                                                                                                                                        SHA-512:BC0D56E79471051228DB678AC686BE96BEA6697C2376AE28574EDBAD52CF827AE720A7F733B6FE96B2757610771137B6E6A6CF86B787128136D17B232F09569D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._...........!.................3... ...@....@.. ..............................R.....@.................................@3..K....@..................0(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p3......H........$..0...................P ......................................._.%c......=.n')...(v..:}.d...3...B...).. .:Q(....L.jt....}Xv.b7y0r.[..$.....q..c.6.....p..2..qHv/.pb.=..9.o"z.. 0P.t%H....U...0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):27184
                                                                                                                                                                                                                                        Entropy (8bit):6.335679732582514
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Qn1VM0JrpNWDcIh6leOiDFIFBYp1+/EpYinAMxCF:QnvXYcIh6yFIFBYpc47HxG
                                                                                                                                                                                                                                        MD5:14C4B9D7E63166E65ECCD9A74A55BC4A
                                                                                                                                                                                                                                        SHA1:C1F849748FBC76EC9BF9BF934135860242CE1928
                                                                                                                                                                                                                                        SHA-256:83BBFBEDA8EFB1745ECDDBEE0FB16ECAE1E6524461FE075B90C700E34C78498F
                                                                                                                                                                                                                                        SHA-512:C2774C72B62148FFFF05B2714F4720D212F52F740812D307D683D66709D77FD06F325A4DB25D952B9B2CCA5A1DD60CEDFCBFB6420FA5CE1A81B9D711395671A1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Ub.X.........." ..0..8...........W... ...`....... ....................................@.................................dW..O....`...............B..0(..........,V............................................... ............... ..H............text....7... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................W......H.......4%..p/...........T.......U......................................r~....-.(....s.........~....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*2r...p.(....*......(....*2(.....(....*^~....-.(.........~....*..0..........~..........(

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\System.ValueTuple.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73264
                                                                                                                                                                                                                                        Entropy (8bit):5.95485496879401
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRY:67N1r9KGI04CCARLY
                                                                                                                                                                                                                                        MD5:B742B57BE990E57E0D079CFAF918E086
                                                                                                                                                                                                                                        SHA1:00652CB0AD4ABCE039397AF2308B2D6D251A2B09
                                                                                                                                                                                                                                        SHA-256:8929394DD35DBF2592AAE46E1063D38D782122F2A7F6A0248A754817E4394823
                                                                                                                                                                                                                                        SHA-512:2CD15A7F0626AD3BBA10431AEEFEDE1A195987BA609EC01A51083EEEF11DA516FF4D0678451372106A27A66E013A1012FB00E74CB4F4125C7F451559DE326908
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0.................. ... ....... .......................`......4T....@.....................................O.... ..P...............0(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H.......$...h...........................................................6..o.........*f..o...........o.........*...o...........o...........o.........*...o...........o ..........o!...........o"........*...o#..........o$..........o%...........o&...........o'........*....0..L.........o(..........o)..........o*...........o+...........o,...........o-........*.0..Y.........o...........o/..........o0...........o1...........o2...........o3...........o4.... ...*....0..k.........o5....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3585766
                                                                                                                                                                                                                                        Entropy (8bit):7.9999279847863685
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:98304:XOzuWD7XM4OvRQW56YWuCrMXa7ANNBvlXWKCI:XauWD7cjGKWuyOr
                                                                                                                                                                                                                                        MD5:E010D1F614B1A830482D3DF4BA056F24
                                                                                                                                                                                                                                        SHA1:5873E22B8C51A808C06A3BBF425FCF02B2A80328
                                                                                                                                                                                                                                        SHA-256:98A98DD1DF25D31A01D47EAF4FA65D5F88BC0AD166F8F31D68F2994B4F739A9B
                                                                                                                                                                                                                                        SHA-512:727877929530E08062611868FD751D1B64E4C7D28C26B70F14C7CD942B1AE1579CBA2A2EF038BAD07032EF728AE277963FFB3E1AB7A5C28351326FABAD84DAA6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-......6>Y.^.S........1...AgentPackageMonitoring/AgentPackageMonitoring.exe....0........p........_L........v.w.../.E..l1.=.8..F.....|..%J.....QB..+.C#.(...Y..*FC.j./.?..#WJ.T......3.P....7^p5.g.`.. .m.h..U..(\.OlC.U...,...l~..Noh.q....Ai.'.EuZ..!z..5w4..&..4..b.__...7u..^.Wv.1.:.|....}..I....F..W..Ko]_j.mk..v..-....CW.....%x....&...o.:I.~.C..#%S..U...f$..n.........WE.....>...d...._M.|....(..?..i. Z.d......{..C.P....57.QR...._iN...r.t..IG..tFs..r.%..b.I.C......`Dd..8U.h..T.C..q....7.i.L..S!m"..).s."..H....W..b....X.l.C..'..#M....gB}k4..{K.&..s.<.^..Q....Q..c..&..BO..W.".\...!.CR..,o<.X>....,.-.[.^1H^r.)q. L..#.?...0..j.,r.`#..Rq"K/.B.:.....V...hX_..ja.........[.)&....C...../../......IZ2..v .@G...*F....nf. .@w.9o.,.....X.i.K/.}\!..7.a.w....:.x.$gE..DG..V...t...K...M.$...b..{.u.4..1..]."..o.n8dQ<...q.....d.(..Y...U...../n.....*y+..%.+.D.}W.&&.U.Z...c#.mU(.......d(.......x....r".g/O.....5..|(p..XG...'7].3.A.Y.&.&D$.".|...D..d\.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):398384
                                                                                                                                                                                                                                        Entropy (8bit):6.2554691460003795
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:OLrnDNjiDx+xdShTv/51LtpYbgPuXhN2sHY:OLcDx+72/51+cuXhN2Z
                                                                                                                                                                                                                                        MD5:5E3252E0248B484E76FCDBF8B42A645D
                                                                                                                                                                                                                                        SHA1:11AE92FD16AC87F6AB755911E85E263253C16516
                                                                                                                                                                                                                                        SHA-256:01F464FBB9B0BFD0E16D4AD6C5DE80F7AAD0F126E084D7F41FEF36BE6EC2FC8E
                                                                                                                                                                                                                                        SHA-512:540D6B3CA9C01E3E09673601514AF701A41E7D024070DE1257249C3C077AC53852BD04AB4AC928A38C9C84F423A6A3A89AB0676501A9EDC28F95DE83818FB699
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../............"...0.............2.... ........@.. .......................@......<.....`.....................................O.......(...............0(... ......0...8............................................ ............... ..H............text........ ...................... ..`.rsrc...(...........................@..@.reloc....... ......................@..B........................H........0..d.............................................................{'...*..{(...*..{)...*r.(*.....}'.....}(.....})...*....0..Y........u........L.,G(+....{'....{'...o,...,/(-....{(....{(...o....,.(/....{)....{)...o0...*.*.*....0..K....... bHQ. )UU.Z(+....{'...o1...X )UU.Z(-....{(...o2...X )UU.Z(/....{)...o3...X*..0...........r...p......%..{'......%q.........-.&.+.......o4....%..{(......%q.........-.&.+.......o4....%..{)......%q.........-.&.+.......o4....(5...*..{6...*:.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1459
                                                                                                                                                                                                                                        Entropy (8bit):5.033662307409642
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:2dErdGPF7Nv+13vH2/nVhOXrRH2/d9XF7N0PH2/+w39XF7NQ7uH2/F9y:cErU7h+1/gn27Rgdz7Eg+w3z76agFw
                                                                                                                                                                                                                                        MD5:C6ECF24757926EBA64E674BFF8B747D1
                                                                                                                                                                                                                                        SHA1:3A46083826C20E8E085C42BBFDFEEF4F9E2B90D9
                                                                                                                                                                                                                                        SHA-256:C3EC04142C15B0A237E72CE1C3C85D19CD1231B9824F7A9854E7909A74B7BECC
                                                                                                                                                                                                                                        SHA-512:EFABB9883ADB098A90115E8938C92B76BBB8D2EB5DE170ECFA205EE949A2D722E0F97F6E01F9A71AC8B5FA2108B9FF82FA0171759D50E30D0AB5FC1948BDCE15
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.9.1.0" newVersion="2.9.1.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12
                                                                                                                                                                                                                                        Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhWQn:WZn
                                                                                                                                                                                                                                        MD5:5796D1F96BB31A9D07F4DB8AE9F0DDB3
                                                                                                                                                                                                                                        SHA1:93012724E6CC0A298838AEDE678806E6C0C6517D
                                                                                                                                                                                                                                        SHA-256:A90D255CCE3B419641FA0B9BA74D4DA464E0CE70638A9C2EBA03D6B34FCA1DC4
                                                                                                                                                                                                                                        SHA-512:890112DDCB3B92B739C0DD06721EFA81926CE3AAB04C55CDADB8C4E6B7A28C9796F08F508249DB189547DC4755804AA80CC8B104DD65C813A0450AAD2CDDA21C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=37.8

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):102448
                                                                                                                                                                                                                                        Entropy (8bit):6.190879178656762
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:gPAt6+FT+ZGodV5iYbYSWd85e+ZS5sSak42QhLks2OL87Hxm:g2bYbYSWd85I5sSakFQhHL8g
                                                                                                                                                                                                                                        MD5:A86884A9A1C75604B2114E09B738FCF9
                                                                                                                                                                                                                                        SHA1:A82B444BF09CFCAE36F532C4EB4B8C5EF0933F6A
                                                                                                                                                                                                                                        SHA-256:EEF751E3B01C4071A1BA34E96B663E93631C51485AF31055C3EB2F75866F9FEC
                                                                                                                                                                                                                                        SHA-512:4B97A3D4C37129440816D0524CDB1C485AE68B6C6735857C157D7EA76ADD91241B7185C831C646713CFB4DFB3EC95E577F98088D08ACBB0313837CA584474299
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5*f.........." ..0..^...........}... ........... ....................................`.................................`}..O.......8............h..0(..........(|............................................... ............... ..H............text....]... ...^.................. ..`.rsrc...8............`..............@..@.reloc...............f..............@..B.................}......H........s..|............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tR...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95280
                                                                                                                                                                                                                                        Entropy (8bit):5.997149012234495
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:S4aRSNSrXS5EaKoDMsUVl0HAWMco2bJkj87Hxsfn:S4auS7S5Ea6WMcpu8Mn
                                                                                                                                                                                                                                        MD5:0E5155ECBE5A1797644F1610DAA15583
                                                                                                                                                                                                                                        SHA1:89677E0F9443D52C73D4E0B91C5AEE5215EC4E88
                                                                                                                                                                                                                                        SHA-256:9BAF23C814DD100B2AC9511C9A2E5302DEE1FFB1807DEA021E1D317BA36901CA
                                                                                                                                                                                                                                        SHA-512:3F80A871547BDF47F0A5B58F54B9597D0894580FCEE8F53DD08C8A80658697FA9C9426AB8D47A40B0CDCF53D11769C654D26A3B530AD39A3A6E37D468CA309D3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=$..........." ..0..B..........b`... ........... ..............................d.....`..................................`..O.......4............L..0(..........h_..8............................................ ............... ..H............text...h@... ...B.................. ..`.rsrc...4............D..............@..@.reloc...............J..............@..B................A`......H.......Lh................................................................(......}......}.......}.......}........o<...}....*..{....*>.{....o.......*v.{....o...........s....(...+*...0..<........{....o.....{....#.......@(....o.....{......o........&.....*........55........{....o.....{....#.......@(....o.....{......o....*..0..$........(......`...%..".o......{.....o....*Z.(....r...po ...o....*..{....o/...r...p.(....(....o%...*6..(....o....*..{....*..{....*.s....z.s....z.s....z.s..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):75312
                                                                                                                                                                                                                                        Entropy (8bit):6.240342116807372
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:bu2lKxktXgl4icipJNz671/nVYWREDnAvk2jkbukZmyJsldySMcAn9fG1EcfgrYM:iF+qo7mDEwj4NXLGcfgruFcg7HxRM7
                                                                                                                                                                                                                                        MD5:F64746D633211D129AEC5DB988BCC9B1
                                                                                                                                                                                                                                        SHA1:78E7047265B0DF15C54FE84261D2A0B3568FEF31
                                                                                                                                                                                                                                        SHA-256:9EC285FDB857D5618FBD794464135BC56823B08146EA41F24FCEC3135F0E1C0B
                                                                                                                                                                                                                                        SHA-512:31BCE8F3DC415F562354044BA490A9252E6C20CAA38D5162AB3929111566BCA7E97D609EACAC4712E814AA8AACFCB7B32360E4F6EE5521D6223DCC4617A5614F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6............" ..0.............F.... ... ....... .......................`............`.....................................O.... ..................0(...@..........T............................................ ............... ..H............text...L.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................%.......H.......t<..`.............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*...0...........(.....(.....o....(....*.0...........(.....(.....o....(...+*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..(..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51760
                                                                                                                                                                                                                                        Entropy (8bit):6.408313907878965
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:RQMnMYPWMXMwtKsSdj3xn91SPSvwzE8Kku6P3A+wf+bMEpYinAMxCk15:R9MYPJS/16/E8/3A+++bF7Hx315
                                                                                                                                                                                                                                        MD5:1CAB625AAF9CBCAB46B1455BCA45EF4C
                                                                                                                                                                                                                                        SHA1:274A3B9134AA4530110F29C1858A85D86D4A396D
                                                                                                                                                                                                                                        SHA-256:1CB4C57049F47E3EEFB1C2BAB2BA34A17ABDA610DC3D4D331A9B33B40B00307F
                                                                                                                                                                                                                                        SHA-512:BF4A53BFB9DCF13C87ED6E79640371908C73E7D67765B724C509B4EB7F3F66962F0883094640497CCD2FFCD255D1E46A50B33850E8B0B2D1CC684D40DE24F5D7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D............." ..0.............b.... ........... ....................................`.....................................O.......4...............0(..........$...T............................................ ............... ..H............text...h.... ...................... ..`.rsrc...4...........................@..@.reloc..............................@..B................B.......H.......|E...q...........................................................0..........(.....o.....s........s............io........,...o.......jo....s....&.o.....O.........io ...&..i.X.O..........i(!.....i(".......(!....(#...*.........*.......0.._........($....s.......(%........i.Yo.....O......jo......s&.......io ...&(........io'.......,..o......*.........FS........((...*2.~....(....*....0...........()...,.r...ps*...z.()...,.r...ps*...z.....~....s+....s,.......o-....[o....o/...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):155184
                                                                                                                                                                                                                                        Entropy (8bit):6.247374284901675
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:A0feG0EI+t80zE04kjSnY2QJ6lwZaBsEFmWF+YkY:1P80zukOltwW9
                                                                                                                                                                                                                                        MD5:12572F87CCF0E40406B3554A1A6D3905
                                                                                                                                                                                                                                        SHA1:C9E238EF065D38400D084265EE056B2ABB694224
                                                                                                                                                                                                                                        SHA-256:6FDB589EBADF91A869EAA3A850B0FB17A8AB96BED78422E28F7EFAF63BC040F9
                                                                                                                                                                                                                                        SHA-512:D397888AACB1B787662B1678A24E24DDFA7A42C5363AC673706934A1A42E13F5ED55956D478FAF0998C77891A64F5F26E85DCFA7FFC0A6AE87DF26B3C24C4314
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%%.W.........." ..0..............M... ...`....... ....................................@.................................lM..O....`...............6..0(..........4L............................................... ............... ..H............text....-... ...................... ..`.rsrc........`.......0..............@..@.reloc...............4..............@..B.................M......H.......d....G...........................................................0...........u....,..s....*.........*Z.(....u-...%-.&*o....*..{....*..{....*..{....*..{....*..{....*2.(....._...*2.(....._...*..{....*2.(....._...*...}......}......}.......}.......}.......}.......}....*>.........}....*..{....*...0...........o].....o^...(....%-.&+..o_....(....,...(....o`.....(....oa....(.......(b...,...(.......(c...od...+"(.......(b...,..(.......(c...od....(.......(e...,...(.......(f...og.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\ICSharpCode.SharpZipLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):215088
                                                                                                                                                                                                                                        Entropy (8bit):6.030878409231256
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:x1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7sA:YIzm6pOIgvr75
                                                                                                                                                                                                                                        MD5:44EBFB8CE52A4EFEDF07DA6875CA230E
                                                                                                                                                                                                                                        SHA1:824585DB12A35588F25C0CC5DA77EAEF94011CAD
                                                                                                                                                                                                                                        SHA-256:292F94823959CAFAAA77B81C0A490EA9ACF90B2553727BF3E74C1AE3A7F8AC01
                                                                                                                                                                                                                                        SHA-512:89DD6F5E827A9E23A8F7DBA8F89F55F2A01B290756AE7A6371A5934E9AFC6B3C5702DC0CADAB061405AEA4F2AC275902D8094E7A0ECDA29C8A438C6BCE46ABD0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0..............'... ...@....... ..............................`.....`..................................'..O....@..t............ ..0(...`.......&..T............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................'......H........... ...................$&........................................( ...*"..(!...*&...("...*&...(#...*2.r...p(....*"..(....*&...(....*&...(....*2.rE..p(....*"..(....*&...(....*&...(....*2.r...p(....*"..(....*&...(....*&...(....*J..r...p($...(....*v....(%.....(%.....(%...(....*....L...%...%.r...p.%...%.r...p.%....%.r+..p.%...(&...(....*..(....*&...(....*&...(....*.0..)........{.........('...t......|......(...+...3.*....0..)........{.........()...t......|......(...+...3.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\LastWindowedEventsProcessed.json

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                        MD5:99914B932BD37A50B983C5E7C90AE93B
                                                                                                                                                                                                                                        SHA1:BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
                                                                                                                                                                                                                                        SHA-256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
                                                                                                                                                                                                                                        SHA-512:27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{}

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Microsoft.ApplicationInsights.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):354352
                                                                                                                                                                                                                                        Entropy (8bit):6.153589479592355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Qr/iEF3zTxesPlx5zIAUH+2n8G4smIkuxhnCq7a/ZmvY2:Qhpp9xxIBeXGfvY2
                                                                                                                                                                                                                                        MD5:53594510735A737A2B25AF4B396EFE8F
                                                                                                                                                                                                                                        SHA1:3F4664E88F44BBDCA29AFFB78D866A76ED128965
                                                                                                                                                                                                                                        SHA-256:DFBBDBA40745B2FCDEC5973D1BB0352DD8618996A6231411C48D87D11C63D07A
                                                                                                                                                                                                                                        SHA-512:D9EBC5B83D8727E596EA6A72C49F58C5CB2BC02EC24B432709BCAA7C1C49E267F85520315EF644EC75DC24E3A5D49F64292A295822B27EDEFF452F552D8B89AE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j.Y..........." ..0..8..........nW... ...`....... ....................................`..................................W..O....`...............@..0(..........HV..8............................................ ............... ..H............text....7... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............>..............@..B................OW......H.......`...ht...................U........................................{*...*..{+...*V.(,.....}*.....}+...*...0..;........u......,/(-....{*....{*...o....,.(/....{+....{+...o0...*.*. S]G. )UU.Z(-....{*...o1...X )UU.Z(/....{+...o2...X*.0...........r...p......%..{*....................-.q.............-.&.+.......o3....%..{+....................-.q.............-.&.+.......o3....(4...*..{5...*..{6...*..{7...*..{8...*..(,.....}5.....}6.....}7......}8...*....0..k........u......,_(-

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):883760
                                                                                                                                                                                                                                        Entropy (8bit):6.071511083932349
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:o1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQs:o1n1p9LdRN39aQZUq1
                                                                                                                                                                                                                                        MD5:286642CD396C5B6CADC906B112B493EE
                                                                                                                                                                                                                                        SHA1:CB625FDBD26798B3042BC5CFFD010F4E73CDAF1B
                                                                                                                                                                                                                                        SHA-256:004BF709595E808AE59558AE7510A40277B7E31D99A5580B0E07F136EAE09130
                                                                                                                                                                                                                                        SHA-512:49773E5AD432F893C559308DA144596CE1DFB967DB5FCFB1805528CC7535E70A181ED8801CAE43A47B58656C9925A236B06A4F2C67802A1A875A3DCE3C9002DD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..F..........:d... ........... ....................................`..................................c..O....................T..0(.......... c..T............................................ ............... ..H............text....D... ...F.................. ..`.rsrc................H..............@..@.reloc...............R..............@..B.................d......H........%...2...........W.......b......................................"..(....*..(....*"..(....*..(....*..(....*..(....*.(....*"..(....*...0..B.......~..........(b...~....,.~.....oc......+...(......od......,..(e....*........../7......"..(....*6.(.....(....*..0..........(.......of...&.*.(....og...*2(.....oc...*....0..?.......~..........(b...~....,.~.....oc...+...(.....oh...&...,..(e....*.........,4.......0..?.......~..........(b...~....,.~....oi......+...(....oj......,..(e..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.960469418569573
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:2BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUD:2BA/ZTvQD0XY0AJBSjRlXP36RMG6
                                                                                                                                                                                                                                        MD5:B61A163EC8F1E6A3A3572A90BA23F7CB
                                                                                                                                                                                                                                        SHA1:467FBA9F1C171B58B76F4E9E24ABA1CE5C91D02F
                                                                                                                                                                                                                                        SHA-256:87DA900259BEA3BB65D984FB6FCD3134661E3EB0883EBF24981D50CA5D36F51A
                                                                                                                                                                                                                                        SHA-512:87EADB61D95EF67CEA0EC8CF15C2E285AFF8C92941ADB47DBCE6886796DE45B4940EFA803D2A9333FADD09473E1B1A34660042D12562FB07EAF4A59C401244CA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... .......n....`.....................................O.......................0(.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):293424
                                                                                                                                                                                                                                        Entropy (8bit):6.121629065121692
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:admT7N9hXNx16L/kakZieD2C6gVkRYKn6nUa9K+yB:adc7N/WkQHr64B
                                                                                                                                                                                                                                        MD5:3362FDB62A7980CA70C44B4DBDA5BE9B
                                                                                                                                                                                                                                        SHA1:77B328FD868E9BE19165C39B541E815BAD1FE13F
                                                                                                                                                                                                                                        SHA-256:A6B74A797384F89B692F2E1027A3F73B4FAD2A97914208158869A33068132A1C
                                                                                                                                                                                                                                        SHA-512:D0441E5C747707434C02A64E8FF3A49EDF33CFF2C9D22F2C22E8BDFEBC30A3CDF79B2ED96B8ABD819ECD042876BAA77C32E119EBB05BA0ECAC73DFE2BF971E86
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:.d.........." ..0..H..........rb... ........... ..............................k.....`................................. b..O.......$............R..0(........................................................... ............... ..H............text....F... ...H.................. ..`.rsrc...$............J..............@..@.reloc...............P..............@..B................Tb......H.......\....V...........................................................0...........(......o......e...%.r...p.s....}......}......}.......}......{......e...%.r...p.s....o....r...po.... ....(.....|....(....-.."....}......{......e...%.r!..p.s....o........(....(....o.....(......(....-...}....*..}....*..{....*..{....*..0..a........{......W..}.....{....,..{.....o.....{.....{......e...%.r!..p.s....o.....{.......(....(....o....*..{....*....0..Z........{......P..}.....{....,..{.....o

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):277040
                                                                                                                                                                                                                                        Entropy (8bit):6.190725872261733
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:ISOIleacQlBh2YQMoIBhpq01TLvlj9b6gRZNsRYl5:XuQlBAMW0BvltxZ66
                                                                                                                                                                                                                                        MD5:66C97A4217593113658977F5AEFC18D8
                                                                                                                                                                                                                                        SHA1:A7E4FF9BDB3800C1E93A0D521B53E344A10699FF
                                                                                                                                                                                                                                        SHA-256:9AD65CC593BFC60815124C6377A8F3EA4F031BCA01C688FB543B50A2B6418764
                                                                                                                                                                                                                                        SHA-512:D2A474718A38AA0EA738200D7584A5C21552DC76428176026C5509AE606FEA534F4AEABEDF93D5BAE5735754D82B2D93E4CFB67BCFEA9A435147D7BB4B1F0722
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............'... ...@....... ..............................?a....@..................................&..O....@..L...............0(...`.......%..T............................................ ............... ..H............text........ ...................... ..`.rsrc...L....@......................@..@.reloc.......`......................@..B.................&......H.......L[......................`%......................................^.{....,.(:...z..}.....*^.{....,.(:...z..}.....*"..(?...*"..(@...*...0..,.......sp......}........q...s7...sj....{.....(....*.0..-.......sr......}........s...s7....ss....{.....(....*....0..(.......st......}........u...s7.....{.....(....*.0..'.......sv......}........w...s7...sj.....(....*B...ss.....(....*......(....*.0..'.......sx......}........y...s7...sj.....(....*F...ss......(....*....0..Z..........}....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):284208
                                                                                                                                                                                                                                        Entropy (8bit):6.117308680869445
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:QZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xHe:Ggo0WPVTXg+
                                                                                                                                                                                                                                        MD5:A6D30251ED124D7656F523A7DF177D09
                                                                                                                                                                                                                                        SHA1:48092D267E067C1967B5ACF1AEBD9A18F0B91515
                                                                                                                                                                                                                                        SHA-256:EC81827B885C0B109AAA3882469BB41D26871274B2E39D3B227FBD18858BF6A3
                                                                                                                                                                                                                                        SHA-512:466809068B5813AC5531D9E5C76BA080A3A15B0D1AFF2A7187149CD5366D990DFD07DF1D51EEB8FCC656ED5C2D1C099AC32E0416F219FC38B64BD1A2351EE502
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....7..........." ..0..$...........C... ...`....... ....................................`..................................B..O....`..D...............0(...........A..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...D....`.......&..............@..@.reloc...............,..............@..B.................B......H.......X~..x.............................................................o...+*..o...+*..(....*n.-..r...p.r...p(<...s=...z*...(.....o>...-.r...p.r)..p(<....s?...z*.0..9..........o@......+$..........(A....oB...(...+,...+...X....i2..*..(D...*....0..n.......sE.....oF......+A.......(...+,/..oG....,.rc..p..oH....oI...(J...sK...z...oL.....X....i2..oM............oN....*..(D...*...0..E........oO....+..oP......oQ......8...,......o....-....,..o.........8.....*.*...........'.......V.-.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Buffers.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22064
                                                                                                                                                                                                                                        Entropy (8bit):6.677526036924594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:gy/fjFwUI/KQyVvKdDhG6ISDFWvYW8aoNyb8E9VF6IYinAM+oCOq9tH6:guhMaVmzDC67EpYinAMxCQ
                                                                                                                                                                                                                                        MD5:8F678B241B955CF86CF65136ADE90539
                                                                                                                                                                                                                                        SHA1:DFD92464B9C5D6822062721C7C3497CD30850CC4
                                                                                                                                                                                                                                        SHA-256:15F8EEDC717B18D1A43BB3295BE6787E0DF002C284A06A4B9198851BCCFEB7F2
                                                                                                                                                                                                                                        SHA-512:482E6E33F22D7DC68D075600E3C6131A0B563796E34BEBE6352BE8455BD4ECC72F7B682C3E203FEE9CED67C78B60A96B58037CA7499D4F0F86E0B33AB836F048
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$...........C... ...`....... ....................................@.................................sC..O....`..@...............0(...........A..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B.................C......H........(.. ........... @..X...xA......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*.~....*2r...p.(....*B.....(.........*..(....*R.....(...+%-.&(....*^.....(.....(...+&~..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):409136
                                                                                                                                                                                                                                        Entropy (8bit):6.098204637389941
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:bPaYZ6henFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5cbc17:p6heZBJm333M89QA+
                                                                                                                                                                                                                                        MD5:5B3639406ABB5AD7F16A90124B708862
                                                                                                                                                                                                                                        SHA1:466DB9D6BC5F2A8EB205E5F3A7F2EC8C52809597
                                                                                                                                                                                                                                        SHA-256:83717328623F05F5987DC258332BCA21C1F2858B7CE6B834AF5DA687B0948847
                                                                                                                                                                                                                                        SHA-512:F10717408E0140C8DBEFCCE9501CF03B86CECD32F2B55770879C28E21D793E45BD8B7EEED52E56E3386000A7BEEF7F0BDD05EBEFF99A44D1056512F48063F71C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3.c...........!.................+... ...@....... ....................................`.................................H+..S....@..p...............0(...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................+......H...........tM..........PM..J...P .......................................6K/.%.L....7.......2.x..`..P.k:k.......0\W.j...;..xX.~..HB..S@.$.m...)4..<S1...C.Y......#ku.k&..2<..i{..>....U...s.'{:.(......}....*..{....*:.(......}....*..{....*r.(......}......}......}....*..0..5........-..*~.....o.....X...v....~.......o......o .........*6..(....(....*"..(....*.0..T........~!...("...-..-.~#...*../....+...X....($...-..-.~#...*..v........(%...~.......o&...*Z.~....2..~.........

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51760
                                                                                                                                                                                                                                        Entropy (8bit):6.234968936412768
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:3zpj9H0/bvvmNAkkOMo/23e3vggrkrD9Bxjpm2yuIFLlHTUpa/hDXEpYinAMxCWu:3zpjF0/t043e3vggr83jMYa/hU7HxVu
                                                                                                                                                                                                                                        MD5:BDFEF14C7A661E237F27B79E4FE950F6
                                                                                                                                                                                                                                        SHA1:83F7DC1950211EBEC2B326D0778E6A46781CF892
                                                                                                                                                                                                                                        SHA-256:689AF98555A3D5A36FE8841AD39F9196F60A6A5400A8CF41E6E0997F47E675F1
                                                                                                                                                                                                                                        SHA-512:1E698E4E1E6108524F48B6ED7720E0EE239679546FB429F415A52875C8FA0D5C0B2D8C3EE6F523D1B7E875D1FACA83B6A0EB5B62C0DAED414BDCB36FE0D5C043
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.................. ........... ..............................b&....@.................................X...O.......................0(.......... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........J...g..........p...0.............................................{!...*:.(".....}!...*..0..#........u......,.(#....{!....{!...o$...*.*v ..yN )UU.Z(#....{!...o%...X*....0..M........r...p......%..{!....................-.q.............-.&.+.......o&....('...*..{(...*:.(".....}(...*.0..#........u......,.(#....{(....{(...o$...*.*v ..:. )UU.Z(#....{(...o%...X*....0..M........r-..p......%..{(....................-.q.............-.&.+.......o&....('...*..{)...*..{*...*V.("...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Memory.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):138288
                                                                                                                                                                                                                                        Entropy (8bit):6.179921646668756
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:YP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8Ils:Yh0qjC5RMOHO420kN1X
                                                                                                                                                                                                                                        MD5:8DDC05CED2922285C9037C7D503A86AA
                                                                                                                                                                                                                                        SHA1:AD66BA39BE8639D86877B515A68EC3D7AD3E7753
                                                                                                                                                                                                                                        SHA-256:30D4499D9F96D1B081C5A8B5F9D9792900DE6767243CBEAD81F6244C33C799E0
                                                                                                                                                                                                                                        SHA-512:6B7E9AC11076C4FAEBF6F51610023BAF0F513DD0680CA2A07DA9AE5E6F6AC42EDBF8CA8F9ED210AC5F3C7D280E8ACBBDAFA4C6916ED2003B9D94693587EEF656
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`...........@.................................3...O.... ..0...............0(...@..........8............................................ ............... ..H............text...\.... ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B................g.......H........ ..............P.......8.........................................(&...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....('...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o(....{....(X...*..(....zN........o)...s*...*.(....z.s+...*..(....zF(L....(F...s,...*.(....z.(M...s,...*.(....z.s-...*.(....z.s....*..(....zN........o)...s/...*.(....zrr...p(S....c.I...(F...s0...*.(....zBr...p(P...s0...*.(....z.s1...*.(....z.(O...s2...*.(!...z.(V...s2...*.(#...z

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17968
                                                                                                                                                                                                                                        Entropy (8bit):6.676696708568243
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Th06sbbVVPWU2W+Nyb8E9VF6IYinAM+oCeBVmh:Ty9eEpYinAMxCAy
                                                                                                                                                                                                                                        MD5:2D491883E24603B382FDAD8840272070
                                                                                                                                                                                                                                        SHA1:78C442E11EA0B9ED3BBD09B19E6A18CC559CA58E
                                                                                                                                                                                                                                        SHA-256:EDF076BA91F6F5A808879D94A586D1BF78D5D0C8FDCD5399DE36FB6389301886
                                                                                                                                                                                                                                        SHA-512:0790CA5BB187AEFE4E5785C528C68E55EA4AFD642101A77A1D983599BC42AB4423723E910A0265CD9A5D3C7DFE0C9E9794DD6F6E8228B488A384647643C09C79
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._...........!.................3... ...@....@.. ...............................w....@.................................@3..K....@..................0(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p3......H........$..0...................P ......................................._.%c......=.n')...(v..:}.d...3...B...).. .:Q(....L.jt....}Xv.b7y0r.[..$.....q..c.6.....p..2..qHv/.pb.=..9.o"z.. 0P.t%H....U...0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27184
                                                                                                                                                                                                                                        Entropy (8bit):6.332801634669375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:kn1VM0JrpNWDcIh6leOiDFIFBYp1+/EpYinAMxCr/:knvXYcIh6yFIFBYpc47Hxk
                                                                                                                                                                                                                                        MD5:B62DB814A8E1C5C8F4DE32F142D7709F
                                                                                                                                                                                                                                        SHA1:DB5998A9C785E77A1152145615213EA31E06B289
                                                                                                                                                                                                                                        SHA-256:F3E5DDD22B8F044C9B45D99762F2A339077790AB049C1AAB152F70BC7127466E
                                                                                                                                                                                                                                        SHA-512:0F7DAE5AA68ED86A574F70478F99458C4A52B1913D232B20A58045EB1E49C83B9134DD90335FBCBEDEECF691EECE5A137FE06FF9F2F6B9D0607FACEA2C0D7C5B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Ub.X.........." ..0..8...........W... ...`....... .............................../....@.................................dW..O....`...............B..0(..........,V............................................... ............... ..H............text....7... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................W......H.......4%..p/...........T.......U......................................r~....-.(....s.........~....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*2r...p.(....*......(....*2(.....(....*^~....-.(.........~....*..0..........~..........(

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.ValueTuple.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73264
                                                                                                                                                                                                                                        Entropy (8bit):5.955263962444665
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq6L:67N1r9KGI04CCARLq6L
                                                                                                                                                                                                                                        MD5:F0A06E07C21B485434202D325B3AA058
                                                                                                                                                                                                                                        SHA1:6E4A0A572E3CA5A5B23D4633CE63300E3BB39658
                                                                                                                                                                                                                                        SHA-256:955FD5B1B046AFC9E62E2D0CA4698818FE1357EA764977D7A9B4A44C1F657169
                                                                                                                                                                                                                                        SHA-512:B398A6A66F184193CFA635D6B5DBA9ADB391782F2A82F4609ECB161A4340DC41C82F22A98FEB69F594B7DDF9FB677711BE1FBFA4D796146550E92D22DCA14D15
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0.................. ... ....... .......................`............@.....................................O.... ..P...............0(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H.......$...h...........................................................6..o.........*f..o...........o.........*...o...........o...........o.........*...o...........o ..........o!...........o"........*...o#..........o$..........o%...........o&...........o'........*....0..L.........o(..........o)..........o*...........o+...........o,...........o-........*.0..Y.........o...........o/..........o0...........o1...........o2...........o3...........o4.... ...*....0..k.........o5....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\log.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4019
                                                                                                                                                                                                                                        Entropy (8bit):5.259071689985655
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:fgDOCg8O4YgFOigYgOVOhVWgBNNXzHSxBNN4zPzRlXNzSPeZgg9dSjedcdS4dS3S:o6YJYH8afhbZh9A6qA4AAADjAN
                                                                                                                                                                                                                                        MD5:110525AB58AD0C54D1226FADA96300C7
                                                                                                                                                                                                                                        SHA1:5A39A36AB31ACEFF679177A336B9BEE54DA56C41
                                                                                                                                                                                                                                        SHA-256:87A659EC47BFBD3A9E3CF8E41069F4A62E2E57AD64A3EDAC28F26D7E9B698E51
                                                                                                                                                                                                                                        SHA-512:6D5466CACE83679064A8591BB598BE672011AC4AA9A91ADFF78D7C4F19D0C21259E4EC28488EC1020BABD5709708ACA531CF22C5843D2435BFE7B2AD5E7B2568
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\log.txt, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\log.txt, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\log.txt, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:2024-11-08 07:39:18.0808|ERROR|WindowsWindowedEventLogProvider|Error on retry number 1: Could not find file 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\LastWindowedEventsProcessed.json'...2024-11-08 07:39:19.5808|ERROR|WindowsWindowedEventLogProvider|Error on retry number 2: Could not find file 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\LastWindowedEventsProcessed.json'...2024-11-08 07:39:21.7996|ERROR|WindowsWindowedEventLogProvider|Error on retry number 3: Could not find file 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\LastWindowedEventsProcessed.json'...2024-11-08 07:39:25.5964|ERROR|WindowsWindowedEventLogProvider|Error initializing last processed events, ignoring file, exception: System.IO.FileNotFoundException: Could not find file 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\LastWindowedEventsProcessed.json'...File name: 'C:\Progr

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 20, database pages 12, cookie 0xb, schema 4, UTF-8, version-valid-for 20
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                                                                                        Entropy (8bit):0.946148398045616
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Wu5C4OoNSN1eN+5NmreZDzWL8OO7QzyO+pC:j5PsveM5ketzy8OO7QzyO+p
                                                                                                                                                                                                                                        MD5:ADA9EE0C68AC7A41F1441E313B789F20
                                                                                                                                                                                                                                        SHA1:6719EAEAB707340C89B10F85911321E9B56F0CD8
                                                                                                                                                                                                                                        SHA-256:E7FE5DF13ECC95391092E6923118A4FBF1118CDE67CF156963929E7E8F36A40F
                                                                                                                                                                                                                                        SHA-512:1FE8CC7B49E681023BA96D4ED7F87DB028D8672E00CCFAC0E2A4CDD48263ED683F7311C927736206D8E961FE393243E80CD6F285A5D8A3A21F2E50AA35404811
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................c..............Z...?.j...I.:..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db-journal

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                                                                                                                                                        File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8720
                                                                                                                                                                                                                                        Entropy (8bit):1.8951100294216143
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:7MuqcFu5C4OZUlFJNGdNGveXXQXN+5NG1Za:7Tfu5C4OoNSN1eN+5Nma
                                                                                                                                                                                                                                        MD5:C2524947C6403B68DBF1E8BF7B42E87B
                                                                                                                                                                                                                                        SHA1:E0190B66CE8FB7096B8F1AEF6188DE516422DBD9
                                                                                                                                                                                                                                        SHA-256:251CC59BA6ABEA4AE637A649D8B2297598B6DC608A7CC7C3C6611CCAFFFC38FC
                                                                                                                                                                                                                                        SHA-512:83E554A1CFDB862466C9CFD5D56FBAF33D87C73E7DE33196D700FA99FFB9594D8AD8F3BEEB3D7C246A1FE10927A6EB314A77E604DAD87FDD0C7D956C5840F0E9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.... .c.....Lj&.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1799216
                                                                                                                                                                                                                                        Entropy (8bit):6.520454988999628
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:GuvfmOhyS2RuhV0yGzcuHpRs8ulCfUk+qKuMhUwqPevJ8QNYfjmqBBLbNFEohFY9:RHmUMohVWpu8ul0UkTgNCfyo3G
                                                                                                                                                                                                                                        MD5:CBA9D50085EE939B987CF758C727DD62
                                                                                                                                                                                                                                        SHA1:DDC0FAF68995883AC754662C59C4295BB0A64E3B
                                                                                                                                                                                                                                        SHA-256:75E47A697A46E31811FAB8C5D9FE1ABA6BA095B6D13DC79A8C848BE308917C37
                                                                                                                                                                                                                                        SHA-512:A5F3D1B96535E0B523ECD71DC36FD3AF157C630874FF11DA29066C545114D256B14A5EE2BA725679C4192182D37DF6900AA69ECE228BAFCE909A482DFF43A1E0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............g...g...g.>.....g.>...B.g.>.....g.3.....g......g...f.^.g../....g......g......g......g.Rich..g.................PE..d.....c.........." .................n...............................................s....`.........................................`t.......e..x....`.......@..`....L..0(...p.........8...........................@...p...............`............................text...$........................... ..`.rdata..............................@..@.data...0........z..................@....pdata..`....@......................@..@.rsrc........`......................@..@.reloc...,...p......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x86\SQLite.Interop.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):1475632
                                                                                                                                                                                                                                        Entropy (8bit):6.791868709546672
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:TS3uuk58wXpQous2GCzbHwGTzsIDQAKub0MBsIFBm5fi/5ATA9NTTPjXWJD8qC:6dwXpQdNVNDQubXyi60jXTW98qC
                                                                                                                                                                                                                                        MD5:3B462EFAACFAEBA904109B4FD3FE641F
                                                                                                                                                                                                                                        SHA1:6DB8785E94FDC2152895396CB9B3D3945DA5D25A
                                                                                                                                                                                                                                        SHA-256:1F9F620D4D7D32670073C335A2DC88A5A5DCFA7A5FF18E914EC6CD8EA983105F
                                                                                                                                                                                                                                        SHA-512:7295B1F7E4437729DFDAED5310EB26B5F4A8B96A2B97ADA8F8466712A69946BAADB2588071B51D661F4FD2A6029A2914E3DB73914BD2FE1C74D725F204063EF2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........?.rG^.!G^.!G^.!.._!d^.!..]!.^.!..^!.^.!.))!O^.!Y..!D^.!G^.!.^.!d.B!F^.!!.Z!F^.!!.Y!F^.!!.\!F^.!RichG^.!................PE..L...r.c...........!.........*.......:.......@............................................@.........................0B..:....5..x....................\..0(.........pB..8............................1..@............@..0............................text...p-.......................... ..`.rdata..j....@.......2..............@..@.data...tt...`...T...N..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2950153
                                                                                                                                                                                                                                        Entropy (8bit):7.9987653712188695
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:49152:sIiDtH34v82VnTxK+JeWJi+F70HLFkIZgblvk/QcMEisjQhmC:WI0W0+J9o+V0rFkMgdAQcMEDC
                                                                                                                                                                                                                                        MD5:91453D3E1E2BC9586CF5495073FB3CF7
                                                                                                                                                                                                                                        SHA1:09CFA9DC27545FB600DD7A60E44258C511EB43C4
                                                                                                                                                                                                                                        SHA-256:5D398C6CE0636EADD4B7F6920DBD6127388F698E9BC1A440CB7DB3992ACB6557
                                                                                                                                                                                                                                        SHA-512:462D59453ED01D8DDF54E06319AAEFC0AB5EF70ED7B0A45FFD4D3F049692044ACF0DEE3599173E58A4C281BC69AF63D8B64F9586A1B2F04991ADFA6747F19BDC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-......z[Y...1........6...AgentPackageOsUpdates/AgentPackageOsUpdates.Common.dll....(r.......>.......~.}..V..)...i...?...Br......~...x.+W..$....S...,g.m...K:-.E..L[..Z....8~.i.!..+B.....U....~{.x..`...Z\z....16g....'..(.-.....T........e.......D...C..._.-...1...n....."C....V..?D.<........W.....7.x.v.6..fZo..Bl........'..B....[CP.m.X@....KX.#.\..........-;...&...m#._.....0T<.....K..9..3.._....v.m....I.Ez......\..Z..:d.:..eY...e.rS..*..#.JJ5W&!n@v.;.......@.,......G.[.|..<.=\.JW...."1.............<3A...B........f.x...R.W.XS\2.p....U.[.W..h.?AE!..?...>.c.....H<..+..u.~./..:..:....yr.....T..\.5..\D.{..M..1.4../....L..3....|W.J........6..z....0Z.....@S..P.N4....D[........1....g@$.....f........Pfb2.:.n...B...!..+.%F..^.f...F..^..i.W.3j*.}...G.h.Lg...}C....7e....v..l..Y.&....S.J{KqQ.}J.U.....`.w......t.>>~..f._..Fx..:.4.z.wvK9.$H........|.......|.`)..n.'.A....'....gD..."|.+<q7S......f%..oP8....A..RC....._2an.X..Q...H.Rx..^9$+.1...c/Q.p1.....!......

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29224
                                                                                                                                                                                                                                        Entropy (8bit):6.341508215009247
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:NpYIrVWGYPHEUePsnhkgGIW7W8feKWDpQ6bo2dNyb8E9VF6IYijSJIVx+W8W:zTrVL3Ue0FSTuVbo2ZEpYi604W
                                                                                                                                                                                                                                        MD5:F9E96C557C427EF212A849BE49F7FC26
                                                                                                                                                                                                                                        SHA1:B2065BAEB817946470EEDBD2DB3AB73E169BD4D5
                                                                                                                                                                                                                                        SHA-256:701D183ED3150DCD35A601360241AB54C68B54B0AD80EDFA34569746EC76A275
                                                                                                                                                                                                                                        SHA-512:4B9A4670665EC93557A3F201995113D0609767B4E0AA105AC1F1CE5AF6262F91FA6F7212C735181A369BD770F66CD7F5D0D2E61B54C1428D9164A7996413D02E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I............." ..0..@...........^... ...`....... ...............................s....`.................................=^..O....`...............J..((...........]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............H..............@..B................q^......H........*...2..........................................................:.(......}....*..0..X.........(.......o......-.....>....o......2.,..o......,..o.......{....r...p...(....o..........*.(.......$..........&...........88.......0..M.........(......-.(...+..8.o....../.,..o.......{....r{..p.......(....o....(...+....*.......................&&.%.....0..].......~......o......-.~.....o..........o.....o........{....r...p......%...%...%...%...( ...o......*....................0..O...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2006
                                                                                                                                                                                                                                        Entropy (8bit):5.012466327549389
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:327h+1/gF27RgdSagFsg+w3jdgDSg+CagFPr7:K4Mw9cr7
                                                                                                                                                                                                                                        MD5:DE33D7BC716E96683CCAEC7E3DECC54B
                                                                                                                                                                                                                                        SHA1:6CAC5E2AE17A91F55760F3652DD1D954CFE34848
                                                                                                                                                                                                                                        SHA-256:E9EC2DB29E1A7F44D6FAD976E29627E2EBCC1C9FD1797D56A69106260B70B65D
                                                                                                                                                                                                                                        SHA-512:353BF5BC4E47C7218CD3EECEE83301950FAA7D48644BEA3FE2F47B5AB432D43B466EBCF8E1A1911923EC423D30682A8FA42A3EA878E7D85C8E91EC841543B887
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):200744
                                                                                                                                                                                                                                        Entropy (8bit):5.749226305007416
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:w6+fUrAluLy/Dy23JLbcc0FIE9cAT2tl/g2rPdniqiTjXLRgiV12:XbrZb23JLbcBFIB/JLFiqiTjbRG
                                                                                                                                                                                                                                        MD5:5F782D0CB0F717AE9DFD1B4DA1295F15
                                                                                                                                                                                                                                        SHA1:B33575E428E19940F0585C747E054CA70A12D454
                                                                                                                                                                                                                                        SHA-256:0F233BD5FE96CF5F7EFEA0FA0634F98C37A3A095F72ACC79A3544590BF228B43
                                                                                                                                                                                                                                        SHA-512:E373BE20E06F31F81A8C0368E8FBEE0BD7E98095A6E1F85ECB8969A35CAF32E22194E2448DE9213BB86478F454E708363EA6AB990648422B57F057A0516959ED
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]............"...0.................. ........@.. .......................@.......U....`.................................C...O.......4...............((... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...4...........................@..@.reloc....... ......................@..B................w.......H............$............................................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. K.. )UU.Z(.....{....o ...X )UU.Z(.....{....o!...X*...0..b........r...p......%..{.......%q.........-.&.+.......o"....%..{.......%q.........-.&.+.......o"....(#...*..{$...*..{%...*..{&...*..{'...*..{(...*..{)...*..(......}$.....}%.....}&......}'......}(......})...*..0...........u.......;..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1780
                                                                                                                                                                                                                                        Entropy (8bit):5.027025756159462
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3rrL7h+1/gFSagFsg+w327RgdSg+CjdgDt:7r34owoR
                                                                                                                                                                                                                                        MD5:09CDFC3063DEC485A3C48111D5CEE297
                                                                                                                                                                                                                                        SHA1:02CEFEC66B6B2EEE120F97493D438F3B270AB5CA
                                                                                                                                                                                                                                        SHA-256:0ACF70AE533AF7D079F370AB3102B9563CA4C447C5DFC7A20C88AABE04295C01
                                                                                                                                                                                                                                        SHA-512:CA39056F79EFC8CE050FCCE1AAC21B2E7B62E65A0521E3CABF90C58A7249107658C2D208706FEC456CCC74D58DCDC22E23ECBAA43684613D4826505A426E1CB7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <depend

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12
                                                                                                                                                                                                                                        Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhXVLU:WBVg
                                                                                                                                                                                                                                        MD5:98BC1C91690FAAB486632504B4053AE5
                                                                                                                                                                                                                                        SHA1:CA53F1C78C8300A9081FB8B32CF12A326F4C0867
                                                                                                                                                                                                                                        SHA-256:2E15A9CA4C56145F6E9E57F0A2AFB1435EE2C26DB84157812EB81C87911D2744
                                                                                                                                                                                                                                        SHA-512:FD3E660B69D987F4F56E3C73569AA73E25DEA8D4B7FB33A8D118CEC6CC7470D36D3A01F00B88E971D01A7901890DDA227BAE8068FBBCD5C5067CFDACDD0DA7F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=20.1

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):102440
                                                                                                                                                                                                                                        Entropy (8bit):6.190075678943392
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:2PAt6+FT+ZGodV5iYbYSWd85e+ZS5sSak42QhLks2OLv476wy:22bYbYSWd85I5sSakFQhHLv4E
                                                                                                                                                                                                                                        MD5:3B4C86E80369670261C68D1F5BB2AFC9
                                                                                                                                                                                                                                        SHA1:E77E028D8DBF603B8F41ACD2F2D75E4A57645FE1
                                                                                                                                                                                                                                        SHA-256:D2B782810BA8D8608BDCA858C44DDFDF3FC10C50F7732FA85D3A7F00CB624648
                                                                                                                                                                                                                                        SHA-512:983C50BFF6A88F732CC4F0790DB04CE2881F2FC80D5E8D8F793FBB961301F47B6DB722375603862D3E7CDB081C49CA5723E2449260D4286B3E9BD72D85A0F91E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5*f.........." ..0..^...........}... ........... ....................................`.................................`}..O.......8............h..((..........(|............................................... ............... ..H............text....]... ...^.................. ..`.rsrc...8............`..............@..@.reloc...............f..............@..B.................}......H........s..|............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tR...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95272
                                                                                                                                                                                                                                        Entropy (8bit):5.99620286041089
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:v4aRSNSrXS5EaKoDMsUVl0HAWMco2bJkjUB766V:v4auS7S5Ea6WMcpuUB3
                                                                                                                                                                                                                                        MD5:BB307C07EBBB496EAE96F971B64A21BF
                                                                                                                                                                                                                                        SHA1:09A19DA0FBEB2CC3CBF081F554A7D42DC2894E26
                                                                                                                                                                                                                                        SHA-256:DFE846B759B22879C93220E28E0DEAD32971844B3EC92DCD4700E0E3FBEC96A0
                                                                                                                                                                                                                                        SHA-512:0E35ACF658CE98EFAFD4BD0DA4BE4860B77D84771646D295569F6EF689293205D9BAF858E29EB00D11C815490A12A65DA5A41C855E965035D084029739D235F4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=$..........." ..0..B..........b`... ........... ....................................`..................................`..O.......4............L..((..........h_..8............................................ ............... ..H............text...h@... ...B.................. ..`.rsrc...4............D..............@..@.reloc...............J..............@..B................A`......H.......Lh................................................................(......}......}.......}.......}........o<...}....*..{....*>.{....o.......*v.{....o...........s....(...+*...0..<........{....o.....{....#.......@(....o.....{......o........&.....*........55........{....o.....{....#.......@(....o.....{......o....*..0..$........(......`...%..".o......{.....o....*Z.(....r...po ...o....*..{....o/...r...p.(....(....o%...*6..(....o....*..{....*..{....*.s....z.s....z.s....z.s..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.Exceptions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.655242412887192
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cXh+tY2jNyb8E9VF6IYijSJIVxaFHCcfj:cX862/EpYi600ic7
                                                                                                                                                                                                                                        MD5:BFEAD9EBEF84B6E54BD57D5E69EDCA31
                                                                                                                                                                                                                                        SHA1:92111F77D5775B3EF3A1AADCC1DB5F46A1954A6E
                                                                                                                                                                                                                                        SHA-256:D8D1E6308003DE036BB70B21F75AF7CA75F09ADD46BA61708C3A0802592C61D8
                                                                                                                                                                                                                                        SHA-512:3CCDA8E0095B65721C5054402245C0D52C323B94D2FD9E61FE04A812E278872D2BAF896E842794E14CF7ED86C1B33A5E0EE2D223CDF75ACB4DA7CFDFEAA9729A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T............." ..0.............v,... ...@....... ...............................}....@.................................",..O....@..(...............((...`......H+..8............................................ ............... ..H............text...|.... ...................... ..`.rsrc...(....@......................@..@.reloc.......`......................@..B................V,......H........ ..d...........................................................&...(....*6.r...p.(....*..(....*..(....*"..(....*. ....*.r-..p*..(....*"..(....*. ....*.r...p*..(....*"..(....*. .*..*.r...p*. ....*.rN..p*..(....*.BSJB............v2.0.50727......l.......#~......<...#Strings....D...$...#US.h.......#GUID...x.......#Blob...........G..........3......................................................................f.....F...........n.................M...........2...........Z.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):75304
                                                                                                                                                                                                                                        Entropy (8bit):6.240768510010967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:xu2lKxktXgl4icipJNz671/nVYWREDnAvk2jkbukZmyJsldySMcAn9fG1EcfgrYP:AF+qo7mDEwj4NXLGcfgruFcaD76j9s
                                                                                                                                                                                                                                        MD5:6D7FC33F2CBAA36AC49A0E59BDAB72AB
                                                                                                                                                                                                                                        SHA1:E2A77AA1C979C0BE322BA0A56D13558DB3A1C903
                                                                                                                                                                                                                                        SHA-256:DF56F140B50A1319F578FE9EDC6C4ED377E519A30DFC2A2D53A241F30C83FE3A
                                                                                                                                                                                                                                        SHA-512:C20A2188301F1D73327142DBD36C1FAC62116E034B0A49F5D4C23AD942F8642A2FFD1976B0B249B0C0011B04339F912847B381309C94605984BC4EB73D514D10
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6............" ..0.............F.... ... ....... .......................`......./....`.....................................O.... ..................((...@..........T............................................ ............... ..H............text...L.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................%.......H.......t<..`.............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*...0...........(.....(.....o....(....*.0...........(.....(.....o....(...+*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..(..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51752
                                                                                                                                                                                                                                        Entropy (8bit):6.407474903458746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:aQMnMYnUFMSptE7C+t2RO3neZN8752vwzE8Kku6ZFMLcyXXEpYi60i:a9MYn1seLE8JFMLcyXQ76P
                                                                                                                                                                                                                                        MD5:1DCD862442C7273B22B1CC318DF9BA51
                                                                                                                                                                                                                                        SHA1:154BBB2E1E3D4EC1BE4D75DFD4343CB362B1EA61
                                                                                                                                                                                                                                        SHA-256:64665F70B7A692C06570F487C3986C1D73AF507B2A15A52AB0B214F453FA9992
                                                                                                                                                                                                                                        SHA-512:80CBDD042B298CE25D0E82032E1B895B08A529D30A96306D8272E7F08FF3944A50C70632F06F803DDFFD0C9147ED83D8C43F8F43AF439A5B81BB3D7233D6D7D4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............r.... ........... ...............................e....`.....................................O.......4...............((..........4...T............................................ ............... ..H............text...x.... ...................... ..`.rsrc...4...........................@..@.reloc..............................@..B................R.......H.......XE...q...........................................................0..........(.....o.....s........s............io........,...o.......jo....s....&.o.....O.........io ...&..i.X.O..........i(!.....i(".......(!....(#...*.........*.......0.._........($....s.......(%........i.Yo.....O......jo......s&.......io ...&(........io'.......,..o......*.........FS........((...*2.~....(....*....0...........()...,.r...ps*...z.()...,.r...ps*...z.....~....s+....s,.......o-....[o....o/...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\CommunityToolkit.WinUI.Notifications.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):145448
                                                                                                                                                                                                                                        Entropy (8bit):6.2033935785037295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:gRdbKQx0YYK8gwbUEA5xZs0vVV2yzlhXhYThkyFqhtuElLVwkVJe5K+Q7P6IlIhO:09XeDmzV2yzlhKLFU1lLVp1+2flYFnQz
                                                                                                                                                                                                                                        MD5:31D90BF6DCA94221D7D81C17E334ED3F
                                                                                                                                                                                                                                        SHA1:8C72EB65C23BCCF35F3319B854A8EA56E0E7F953
                                                                                                                                                                                                                                        SHA-256:CBFA4444A4574661F12D27E6509682E3E9C746B3BE5CBFE8C794B05F6057E281
                                                                                                                                                                                                                                        SHA-512:D5E201F060E0F00FA10E057710B37AA51F76581D3C3FCB1D57974FEA6A140F680E018AE70508C48E5C6BE63E913DDE52294088382D6F1D44D23EA04102BDA8B9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....nI..........." ..0.............v$... ...@....... ....................................`.................................#$..O....@..|...............((...`......,#..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B................W$......H.............................."......................................V!.b.....s&........*..{....*"..}....*..0..Z........(....o'...-.r...ps(...zs......(....o)....+..o*.....o.....o0...o+....o....-....,..o......*........*.$N......J.s,...}.....(-...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*6.|.....(D...*..{....*"..}....*..{....*"..}....*V.(....-.r...p*.(....*..(E...%.(....o"...%.(....o$...%.(....o ...%.o....*..(-...*..{....*"..}....*..{ ...*"..} ...*..{!...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):96296
                                                                                                                                                                                                                                        Entropy (8bit):5.6328703738583465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:a2kKfq2RQuKDMOoytxL2L4zP+YuqL2zL7SAaDx4lbOw6OhkW76fJ9Q:XQmyxL2L4D+YZL2X7SAaqywjhkWe9Q
                                                                                                                                                                                                                                        MD5:13AAE87ECD696247FAC397F045CC7EF7
                                                                                                                                                                                                                                        SHA1:69574E2201A5DBF1BB725DA3172865E0253468F2
                                                                                                                                                                                                                                        SHA-256:8DE7F96272724EA147FF1CC7544C7349798B3635AE9C9EC5680FEA11228A7DF6
                                                                                                                                                                                                                                        SHA-512:256D8ACE98885D5206B2E73DD323413291878CFDB8582E2FE94A31B725ED9681D9BD4371D4178038B5461936A3FBCF22FEB66E600BD68ACF31D9AACC3CEE06DE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....W...........!..... ... .......7... ...@....@.. ....................................@.................................47..W....@..p............P..((...`....................................................... ............... ..H............text........ ... .................. ..`.rsrc...p....@.......0..............@..@.reloc.......`.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.ApplicationInsights.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):386600
                                                                                                                                                                                                                                        Entropy (8bit):6.136008226210181
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:9sETsbZnV4Nsaw8MkaybNq0qJh1rDHq4so8maLvdGCBg/8Q/ZmvEyo:9sbZnMfwWFKFrrWa8BvEyo
                                                                                                                                                                                                                                        MD5:5FC49C1DD74CA00CC0A054401EBE93C7
                                                                                                                                                                                                                                        SHA1:942CF1D170A81784342DC552D7A4EC0157245159
                                                                                                                                                                                                                                        SHA-256:B4643B63E61BE52F6750A9A429914D9ED2488D40CC3EEEF4BE97350ED11387AB
                                                                                                                                                                                                                                        SHA-512:CF4C0102B677B401B113C7BEEE14AC1F70A6CCB3D926A50BA7DB55A748D9CBB5A53025ADF2111424492C08AAE44FEA325740ABEC1D4ED912D549FC5786EBCE05
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ....................... .......<....`.....................................O.......@...............((..............8............................................ ............... ..H............text...0.... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H.......T...$...................x.........................................{0...*..{1...*..{2...*..{3...*..(4.....}0.....}1.....}2......}3...*....0..q........u........d.,_(5....{0....{0...o6...,G(7....{1....{1...o8...,/(9....{2....{2...o:...,.(;....{3....{3...o<...*.*.*....0..b....... ...u )UU.Z(5....{0...o=...X )UU.Z(7....{1...o>...X )UU.Z(9....{2...o?...X )UU.Z(;....{3...o@...X*...0...........r...p......%..{0......%q.........-.&.+.......oA....%..{1......%q.........-.&.+.....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.83462305683277
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:7N9VWhX3WseNyb8E9VF6IYijSJIVxF5WY5R:RGZmEpYi60Z
                                                                                                                                                                                                                                        MD5:5FCBC5F2BF666A740409BAC1CD7C045E
                                                                                                                                                                                                                                        SHA1:6DB922DBF23EA02B9351DBA4169B0E4EB350BA91
                                                                                                                                                                                                                                        SHA-256:E201521DE53052ACD367AD9B3868776E5F061E088446D2D6409420F0101A5AFB
                                                                                                                                                                                                                                        SHA-512:906F5E8EB5887DE4BA920367ED75480EF506952E149D2554E618442353CA4B2CDF2684839988345B00C356A2D77213B6B905E68213B445EBCC6D5E75E507B65B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0..............(... ...@....... ..............................f.....@.................................T(..O....@..0...............((...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc...0....@......................@..@.reloc.......`......................@..B.................(......H.......P ..L....................&......................................BSJB............v4.0.30319......l...|...#~......<...#Strings....$.......#US.(.......#GUID...8.......#Blob......................3......................................................\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.7...K.W...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):331816
                                                                                                                                                                                                                                        Entropy (8bit):6.168683157071498
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:8BhhiUWKJzPZNRntAXIjxs2f5Jg53XWlvidurmdIq8KmefViYkJTVBXi3VaKtNTO:8DMUWITZznu85k8Wdn8KmCjIFi3Vvi
                                                                                                                                                                                                                                        MD5:750E65DDE7AC14B5920FAA34E9807AB6
                                                                                                                                                                                                                                        SHA1:9BA2E717AF511711683CEA7E1A62EC160E350A6A
                                                                                                                                                                                                                                        SHA-256:0DB29ECF229457A276C3BB0A02179C09877938C5EC5724352ADA6B16407DE331
                                                                                                                                                                                                                                        SHA-512:794C41AB53DBCF9F5AF6AD35DC5ED9C7E2290A160BBD28D1CF2A7FD1351A5410989D3B27B4C9B52325CA4F01A79B485FB07299AFC47C33AB6EFC55A77E53D5F6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@............@.....................................O.......................((... ..........T............................................ ............... ..H............text...<.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H............9..............H.............................................{....*..{....*V.(......}......}....*...0..A........u3.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ..<. )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q6....6...-.&.+...6...o.....%..{.......%q7....7...-.&.+...7...o.....(....*..{....*..{....*..{....*r.(......}......}......}....*..0..Y........u8.......L.,G(.....{.....{....o....,/(.....{.....{....o....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):883752
                                                                                                                                                                                                                                        Entropy (8bit):6.071371193883245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:b1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQ6:b1n1p9LdRN39aQZUqX
                                                                                                                                                                                                                                        MD5:5BB4618C81652C0FD405001CDB982416
                                                                                                                                                                                                                                        SHA1:BFA540860AC3D1D49FB896EE2E177631E43A33EB
                                                                                                                                                                                                                                        SHA-256:ED6673853467A267CFF6E4E2E07037F0226A2942D335F59E6A9B3E7E372574F2
                                                                                                                                                                                                                                        SHA-512:5D37B663D6002060E191E6A4B4ECED6380349590F2E02910A8460DE5808C68C9BF7AD228015ECFA9A5824BC46B577DD20C094E45D11383BE00E96685B207B7EF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..F..........:d... ........... ..............................).....`..................................c..O....................T..((.......... c..T............................................ ............... ..H............text....D... ...F.................. ..`.rsrc................H..............@..@.reloc...............R..............@..B.................d......H........%...2...........W.......b......................................"..(....*..(....*"..(....*..(....*..(....*..(....*.(....*"..(....*...0..B.......~..........(b...~....,.~.....oc......+...(......od......,..(e....*........../7......"..(....*6.(.....(....*..0..........(.......of...&.*.(....og...*2(.....oc...*....0..?.......~..........(b...~....,.~.....oc...+...(.....oh...&...,..(e....*.........,4.......0..?.......~..........(b...~....,.~....oi......+...(....oj......,..(e..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710184
                                                                                                                                                                                                                                        Entropy (8bit):5.960343834822355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:2BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU6V:2BA/ZTvQD0XY0AJBSjRlXP36RMGnV
                                                                                                                                                                                                                                        MD5:79FF2C67FD3F8A73B18336167944F91F
                                                                                                                                                                                                                                        SHA1:974E824087D0146CD0139DD6C515F7A769552934
                                                                                                                                                                                                                                        SHA-256:D77ABEEFC22B5E0B6904AD2EB8D0D82B9A6611A47DF60EDA3B62436203734061
                                                                                                                                                                                                                                        SHA-512:35C8DFCB95EFB9D7EF2D24D2A08DAC244161326F7AA1290F37B40CBAA0580C1DCDD0434D53D88E362EAAE91ECE91A968466151B90D05A77C124DAA4DB77777E9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ............`.....................................O.......................((.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):285736
                                                                                                                                                                                                                                        Entropy (8bit):6.184394295423341
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:LZAWDkTmokB1QI3A5XeedC1OcQykFlE1WhOMiSdNrgClZ73HpsP+zvk:LZU0BJwuOcrl1w7HX3HWJ
                                                                                                                                                                                                                                        MD5:E9622BB406B5CC041DAB8042402838CC
                                                                                                                                                                                                                                        SHA1:08DD86152507F8381E92AECA2BF9F92DF445FD78
                                                                                                                                                                                                                                        SHA-256:27B83B19EBBEBB69297D7C071CBFEEC3CF5825A7669D9844C1F5C03D32F221CC
                                                                                                                                                                                                                                        SHA-512:6D495D15BDC165A09712578D1BFE8B11DCDCBD7A71282F0B892BCE07028C3F3DAF19E5FF0A45C1F7CE235325B68280B359559C0DF6434876271B367EDFFEA16C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&............" ..0..*..........&H... ...`....... ..............................5.....`..................................G..O....`..L............4..((...........G..T............................................ ............... ..H............text...,(... ...*.................. ..`.rsrc...L....`.......,..............@..@.reloc...............2..............@..B.................H......H....... d..t....................F......................................^.{....,.(F...z..}.....*^.{....,.(F...z..}.....*"..(K...*"..(L...*...0..,.......s.......}............s9...sv....{.....(....*.0..-.......s.......}............s9....s.....{.....(....*....0..(.......s.......}............s9.....{.....(....*.0..'.......s.......}............s9...sv.....(....*B...s......(....*......(....*.0..'.......s.......}............s9...sv.....(....*F...s.......(....*....0..X.........(:...}

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25640
                                                                                                                                                                                                                                        Entropy (8bit):6.557142083271252
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:IAQk7qYbA6fXDpLk5LHAxOEaGxBtNXNyb8E9VF6IYijSJIVxs+8:L1LOg3BtNbEpYi60i
                                                                                                                                                                                                                                        MD5:2532E59305E0008E57C2BDD160B3D3C1
                                                                                                                                                                                                                                        SHA1:61FDFABA94E32F9C6A6D4C83F1AFF039C0DFB46A
                                                                                                                                                                                                                                        SHA-256:DB151AB41076953016567010F1B6D14035EE149DBEC43DA8E7ED4E67DDC834B0
                                                                                                                                                                                                                                        SHA-512:207A73F85F14837C844F3B54D87181DFB609FDC4523482ED8DEE24DD9B1C39103FD4DE3B8EDB1ACB4EBCB65211F1959BB1A4EED48C031EC3A30523E9DC3B6495
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............."...0..2...........Q... ...`....@.. ...............................,....`..................................Q..O....`...............<..((...........P..8............................................ ............... ..H............text....1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................Q......H........*.. &...........................................................0..:.......~....s....(.....(.~....r...p.o....r...p.o....(....o......*.............(......(....*.s.........*.0...........(.....(....o....r...p(....}......}.....s....}......{....s....}......{....s....}......{....s....}.....s....}.....(...+.~....%-.&~..........s....%............s....(.....{....s ...}......{....s!...}......{.....{....s....}....*.0...........(....,..(....*.{.... ....rU..pr...p.o"...u(.....(#.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2029
                                                                                                                                                                                                                                        Entropy (8bit):4.997010915207503
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3Aruz7h+1/gF27RgdSagFsg+w3jdgDSg+CagFt:wruv4Mw9y
                                                                                                                                                                                                                                        MD5:A1DB8C019769BA7256F40E580304C782
                                                                                                                                                                                                                                        SHA1:6C0D70EE9CEBFC288A88B100F59D5554F8C42A35
                                                                                                                                                                                                                                        SHA-256:FC68DEF71CD783C53B3D106317F879E544E3443A55AF195BDD6C663F8051A96F
                                                                                                                                                                                                                                        SHA-512:795C141D06E70CD0D91ACFFE74F519EDB78382588B10927D456D20AA70D10BADCF02A626B8B666B00B21CAFCD555F03029D16EFAABCF1D762D58AA8095B6527D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependent

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):210984
                                                                                                                                                                                                                                        Entropy (8bit):5.347898606449367
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:8sMNkrE4AOS3ncIzkq2ijc3Y28MNwH5Z54a7c:VMNkrE4AOqcIzQijLC
                                                                                                                                                                                                                                        MD5:D9123F80F12ABA0AA0596E710AE8C2DF
                                                                                                                                                                                                                                        SHA1:DAF74A60246DBF736CAC318F5113E9787926E3D0
                                                                                                                                                                                                                                        SHA-256:C342B88D1BB7BBCE4244262BBD86D439333A339947675192A5599D6FC6B1549F
                                                                                                                                                                                                                                        SHA-512:816518573C0409C9DB4DD543BD1185C25E92093E3396D358AAFE4E65BE5BC278B23A8F417C86981120F1E5D9E4330BDCE49058D28BEE11ABCF2EDC5D74F2CBF5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z............"...0..............;... ...@....@.. .......................`............`..................................;..O....@..@...............((...@.......:..8............................................ ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......@......................@..B.................;......H.......H$...............................................................0..;.......~....s.....(.....(.~....r...p.o....r...p.o....(....o......*............(......(....*.s.........*.0..x........(......}.....(.....s....}.....s....}....(...+.~....%-.&~..........s....%............s....(.....{....s.......s....}....*.0..5.......(....--(....o......(.......(....+. ....( ....{....,.*....0..I.........i....*..{.......o!.....{.....o...+.. ..{....r!..p.o....(#...o.......*.*............'..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19433
                                                                                                                                                                                                                                        Entropy (8bit):4.9963400212242055
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:hrg4CdkumUwfGReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZY:hrPOPUDCTHffIz
                                                                                                                                                                                                                                        MD5:78AE9CC6C7B11BAC2B18E82FC7623CDB
                                                                                                                                                                                                                                        SHA1:8314E6F35448B820C7C703FC3E4DE598D2A51AEC
                                                                                                                                                                                                                                        SHA-256:D3841AA3440CDA26776DDE128157294E69A70B21344D5877D640C457353C2DCB
                                                                                                                                                                                                                                        SHA-512:CE6A750E75090487C47095B80D47F5AD0C3D3DE4D6EC58A01E14CC694600FEF951AE371DD2A1B82C756ADD66825611B13240DDD3AAE6339ED85DBD3392DED7E5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Numerics.Vectors" pub

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):284200
                                                                                                                                                                                                                                        Entropy (8bit):6.117054902542995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:TZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xHv:9go0WPVTXgP
                                                                                                                                                                                                                                        MD5:26091035FE3B95AEF02880C0F16EE5D2
                                                                                                                                                                                                                                        SHA1:D6BD36B439AD591929DCCAFA6E1FA7FD419BDEDD
                                                                                                                                                                                                                                        SHA-256:21FE70B8F2B0D14AF696CC931D2A34A29F97AA003CE9711A7606CCF1562F155A
                                                                                                                                                                                                                                        SHA-512:4DC302392B95993FE5E4700B99B6B152CB0BE5DE327720E5CFE71D662DBC475F04F554CE660318D024A32F99CB274167803C01FD35FFA52E0A38129E2012A871
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....7..........." ..0..$...........C... ...`....... ...............................`....`..................................B..O....`..D...............((...........A..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...D....`.......&..............@..@.reloc...............,..............@..B.................B......H.......X~..x.............................................................o...+*..o...+*..(....*n.-..r...p.r...p(<...s=...z*...(.....o>...-.r...p.r)..p(<....s?...z*.0..9..........o@......+$..........(A....oB...(...+,...+...X....i2..*..(D...*....0..n.......sE.....oF......+A.......(...+,/..oG....,.rc..p..oH....oI...(J...sK...z...oL.....X....i2..oM............oN....*..(D...*...0..E........oO....+..oP......oQ......8...,......o....-....,..o.........8.....*.*...........'.......V.-.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.808058508898839
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mDNxWQFWsoNyb8E9VF6IYijSJIVx5+V772g:mDNVLAEpYi60ix
                                                                                                                                                                                                                                        MD5:CB6CEAD1C494643D8BC177A3181DAA46
                                                                                                                                                                                                                                        SHA1:28FC5E2823C87ACB25AA28C72E36E8FED27509C8
                                                                                                                                                                                                                                        SHA-256:C77CE05A295FE74CC5536BB3067310412E416AB5207C1A147AA3FB0396B607F0
                                                                                                                                                                                                                                        SHA-512:A0DA988D2B8909ACC02F33FCB23ECC4D518DC087FAF1D4EC97FBEE9D214DAC3D203AF8DDC36D117403781F3B908DCA3B392E6985B0955504BA7935BD1C665443
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0.............f(... ...@....... ..............................+.....@..................................(..O....@..................((...`.......&............................................... ............... ..H............text...l.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................H(......H.......P ......................\&......................................BSJB............v4.0.30319......l...|...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.....K.N...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22056
                                                                                                                                                                                                                                        Entropy (8bit):6.670261992081206
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:OrMdp9yXOfPfAxR5zwWvYW8aznNyb8E9VF6IYijSJIVxAUy6k:OrMcXP64LEpYi600
                                                                                                                                                                                                                                        MD5:EC6BE562CD6ED413FF0E833A77595A6A
                                                                                                                                                                                                                                        SHA1:3D78998E7532950DE013624F79D84B0BDD038E35
                                                                                                                                                                                                                                        SHA-256:58A397559EB7450009E7DCEED705386E97403B640E4C2572A2C21ED38ECEC7BE
                                                                                                                                                                                                                                        SHA-512:4477A3975C10E011F406849CAD5F178CC621F29797AAEE26E5D9E6DCEB9174FC573CFFA5D6CC216816E142941572CB1F768079CA091532EDFE0C183FCE7C4267
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............((...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Concurrent.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.903995238231185
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:cm2igOWnW8rW/tNyb8E9VF6IYijSJIVxPT89QpN:EtaJEpYi60w9qN
                                                                                                                                                                                                                                        MD5:C27898B6BA04D6A07DC20F956DD5B692
                                                                                                                                                                                                                                        SHA1:AB58016F4F33BB28422732254FCFFBB55D35568D
                                                                                                                                                                                                                                        SHA-256:B26BCE9C60613EA4C558F37C13C019ED90EE425C0DF34EF46F1394731D123AAF
                                                                                                                                                                                                                                        SHA-512:C11CA3B0DAA4BF95D9991743FE42627BE31DF0F1FB7FD1116C29659442AD1A548BF21C08184CF6397DB56E548B09DCAE08ED7C4D387FDBCE06D4AC4A2F638CAA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0..............)... ...@....... ...............................q....@.................................t)..O....@..D...............((...`......<(............................................... ............... ..H............text........ ...................... ..`.rsrc...D....@......................@..@.reloc.......`......................@..B.................)......H.......P ..l....................'......................................BSJB............v4.0.30319......l.......#~..d.......#Strings....@.......#US.D.......#GUID...T.......#Blob......................3................................................n.o.....o.....\...........8...3.8...P.8.....8.....8.....8.....8.....8.....1.....8.................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V.......................#.....+.....3.....;.....C.:...K.Z...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.NonGeneric.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.899076813883936
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:+napn1iwwPWcGWT5JNyb8E9VF6IYijSJIVxagmKJFNt:9Dur5NEpYi6002V
                                                                                                                                                                                                                                        MD5:0A6F2F96579FB5DEA09A1D43AC461A1A
                                                                                                                                                                                                                                        SHA1:AC96B251758FC588C699BD92F9C295F90390F777
                                                                                                                                                                                                                                        SHA-256:64E8FD26982BB275167E2C063FA9B6FD91C867DCFE8F685978C79BE5D56FB1D8
                                                                                                                                                                                                                                        SHA-512:17EFE747E4DC387DB0AF3B328F3C039786806FA85D574E94B23F4CCA6A50B9768B37A094A797ADAAB4B4FCAB8DFDA950F0E9B41EB8FE4505A4116941A7E09184
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ..............................._....@.................................p)..O....@..@...............((...`......8(............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................)......H.......P ..h....................'......................................BSJB............v4.0.30319......l.......#~..t.......#Strings....<.......#US.@.......#GUID...P.......#Blob......................3................................................F.o.....o.....\...........,.....,...(.,.....,...f.,.....,.....,.....,.....%.....,.................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V.......................#.....+.....3.....;.....C.:...K.Z...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Specialized.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.9045106778941765
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:THLaEav5aaUa6arWVLWrMNyb8E9VF6IYijSJIVxg3Sp:aPv5t/NOOMEpYi608i
                                                                                                                                                                                                                                        MD5:BC6FBEE698B433A15A5A8677C6E5227F
                                                                                                                                                                                                                                        SHA1:70C76DD5825850EB215B7E9070418AEA6ED8CADE
                                                                                                                                                                                                                                        SHA-256:1FECD69B9EBAFD71F1DDC6DA55091FB5EAE5C2985901D07B7866F6146AECA31C
                                                                                                                                                                                                                                        SHA-512:537A2122AB5E8472BBA4E3FDF5AD20D11852E4456EFE903FDE30B28FA667C4867723B88D15494B2A8C16516050F2DA254541845983EF7BEDF85D016A0B9E36AD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0..............)... ...@....... ..............................]i....@..................................)..O....@..P...............((...`......P(............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..........#Strings....T.......#US.X.......#GUID...h.......#Blob......................3..................................................`.....`...t.M.................................=.....V.................q.....Z...................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G...Y.G...a.G...i.G...q.G.......................#.....+.....3.....;. ...C.;...K.[...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.759690943204462
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:S6iIJq56dOuWSKeWukNyb8E9VF6IYijSJIVxHDRxQhpXi:EiAuEEpYi609mu
                                                                                                                                                                                                                                        MD5:F140E615371C9918B41BB82BEFC04B60
                                                                                                                                                                                                                                        SHA1:30CDA9BCD776EBE15DD6E2A544662B1ED1711294
                                                                                                                                                                                                                                        SHA-256:4DD6878D7D30A6BE05FBDDDBDB1D8EBC2B0A3F264DE071069F019F5A47766911
                                                                                                                                                                                                                                        SHA-512:612A62533A48D8261D0287448B3BD51F891512305D86899B7E67CF5CB9F0BFF7F6EB4FA0C758D6802BBD2AEE2718B8D4D9B081292DEA285F1A3C13BF9119CE40
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0..............*... ...@....... ...............................y....@..................................*..O....@..................((...`......L)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..|....................(......................................BSJB............v4.0.30319......l.......#~..|.......#Strings....\.......#US.`.......#GUID...p.......#Blob......................3................................................k.~.....~.....k...........*...0.*...M.*.....*.....*.....*.....*.....*.....#.....*.....x...........e.....e.....e...).e...1.e...9.e...A.e...I.e...Q.e...Y.e...a.e...i.e...q.e.......................#.....+.....3.....;.....C./...K.O...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.EventBasedAsync.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.811319806859492
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:vnzz+MpSaLWW0+WCANyb8E9VF6IYijSJIVx1JiCB:Xpui4EpYi607HB
                                                                                                                                                                                                                                        MD5:674C7CC18094A065F1AD7C2D70B6DCDB
                                                                                                                                                                                                                                        SHA1:62F106B045278CCC693684697B55BD1D6AEC77E9
                                                                                                                                                                                                                                        SHA-256:1DBE44461DBBE4E57F9F28FF4B2F4F68E49C2DEE1FB632449F2B3D7046ED2CDF
                                                                                                                                                                                                                                        SHA-512:8C7C029227051B60156636CB0B1D93ECD2D64C23E61FF4C104D511BA1ECCCB6374A3AAC5A8A19D3F028391F74CE196FDE257C811B1E6A6BDAAE7FEB577F8A7B7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............B*... ...@....... ..............................l.....@..................................)..O....@..................((...`.......(............................................... ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................$*......H.......P ......................8(......................................BSJB............v4.0.30319......l.......#~..t...@...#Strings............#US.........#GUID....... ...#Blob......................3............................................................V...........j.................i...........8.................S.....<...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.'...C.B...K.b...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.8574566850311935
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9Ghr+YUfyHxsW/HW5zNyb8E9VF6IYijSJIVxVU5j:ikmcvEpYi600
                                                                                                                                                                                                                                        MD5:814CA88031F4742F96F0A1FC023BD1B2
                                                                                                                                                                                                                                        SHA1:14ABC123D068A7A436A90AC7575638FE3718FECE
                                                                                                                                                                                                                                        SHA-256:6B94B8330FEA4DC6A8B8346C8327F5263EF404A79604DA345E4750B3E577AFA2
                                                                                                                                                                                                                                        SHA-512:8EE21783BE3F4087DA177E956427D2FB55BF6A42BD67E55DEEC109FB3A9134C76480D8C5B4434A531E21D46446EDA8772AC4897564BA4C6FCD479A96082F199B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............+... ...@....... ..............................N.....@.................................<+..O....@..`...............((...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................p+......H.......P ..4....................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................................Y.]...{.]...6.J...}.....r........... .............................................................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D...Y.D...a.D...i.D...q.D.......................#.....+.....3.....;."...C.=...K.]...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.TypeConverter.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16936
                                                                                                                                                                                                                                        Entropy (8bit):6.791342781786458
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:tRE+ruiA5vzWeNWdSNyb8E9VF6IYijSJIVx4XLb:tS9b2yEpYi60Y/
                                                                                                                                                                                                                                        MD5:2FF5CA376EC3B22D4C644E0D2EF2C251
                                                                                                                                                                                                                                        SHA1:CB44B2A742F07ACA00C81A8E6E974F8EB48E287E
                                                                                                                                                                                                                                        SHA-256:518157DDFFAB7B2E4FAA5F35315786FFE78C3ABA1D282A71E8531324C220A7D5
                                                                                                                                                                                                                                        SHA-512:0ED9C50322375C86FE1A508302F417B8036C4E14B8665509D1465EB3270CF9F69B2D9D05D12C00503BE1CCD0B059EC09EBC1B0DE0B4344CA7248CBF98AA95204
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0............../... ...@....... ..............................Q.....@................................../..O....@..p...............((...`......T................................................ ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................./......H.......P .......................-......................................BSJB............v4.0.30319......l.......#~......@...#Strings....T.......#US.X.......#GUID...h.......#Blob......................3................................;.....Y.........8...........<...........P.......................X.....q.....g................."...................I.....I.....I...).I...1.I...9.I...A.I...I.I...Q.I...Y.I...a.I...i.I...q.I.......................#.....+.....3.....;.%...C.@...K.`...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.849219139849392
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sT+6ywnVvW0LW5SNyb8E9VF6IYijSJIVxcomX+Q:s998yEpYi60ZQ
                                                                                                                                                                                                                                        MD5:A3767F833B7DC371A63FD24BC47EC860
                                                                                                                                                                                                                                        SHA1:962EAC5A3F829D0E7A37D357B59784FC2C30D0C5
                                                                                                                                                                                                                                        SHA-256:977059230957BD6898054C5690B79770CCAFD001E6530976F4555E943291CB92
                                                                                                                                                                                                                                        SHA-512:6A168D4E72B89B65AC385E99D13AA36004A22EACBBDA93D7A933C05191EF9A4AF88A667150E12787FCF1D595B46B5C297521DD8B0B302329FF91CBA938D7E737
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ....................................@..................................(..O....@..................((...`......|'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~.. ...h...#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0.....7.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.2...K.R...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Console.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.847269902417784
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:NRbzriaXT+WlEWe5Nyb8E9VF6IYijSJIVxri+tLZB:P7icodEpYi60u87
                                                                                                                                                                                                                                        MD5:D8301ABE51723EA90AC26BEC7107CDE2
                                                                                                                                                                                                                                        SHA1:A23A59BF76D2984D83D2151754AFCDE0F8B39571
                                                                                                                                                                                                                                        SHA-256:6CDF0F8678D101EE6837283A663E4E57FF0C04E32AF3906A502568F63A2054A1
                                                                                                                                                                                                                                        SHA-512:FA46D4A5F0804DEBF7154096A00BE4D0EACA869B16AD36A99D4AFFAAB2B27454AA31D181EB2DE92BE9BED82B0E486C2667F4ACFC89CE0BFE41B784474C438FF2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............6)... ...@....... ..............................$.....@..................................(..O....@..................((...`.......'............................................... ............... ..H............text...<.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~..H...x...#Strings............#US.........#GUID...........#Blob......................3......................................................k.....?.....$.....S.................R...........!.....j...........<.....%...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.+...K.K...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Data.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):148520
                                                                                                                                                                                                                                        Entropy (8bit):5.417690904085497
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:FdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+CSP:z+2jv1x0ebezWiun
                                                                                                                                                                                                                                        MD5:4E5715CCEAED8AF7F5FBCA92CF7890AC
                                                                                                                                                                                                                                        SHA1:0D9195E6861675CC4AB9231D8D37C6787DB70ABE
                                                                                                                                                                                                                                        SHA-256:E31EE9088ABE8F4B12037583861D50425A51470D455DCB2B3F14B976DEA7DF35
                                                                                                                                                                                                                                        SHA-512:87D665FF6550BB48512AD07C22D6C4FC2280AEF9952FA19BBD846D6271F50E99704B551E11CDD17DA4ED195F4A468BD6DC53E06D74DBC3B6B1FAEFC36F4D452B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............,... ...@....... ..............................L.....@..................................,..O....@..................((...`.......+............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........A...............?..h...t+......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*2r...p.(....*2r;..p.(....*2ro..p.(....*2r...p.(....*2r...p.(....*2r...p.(....*2rK..p.(....*2r...p.(....*2r...p.(....*2r...p.(....*2rM..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Contracts.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.811910923320141
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:qzNnzx7FWjYW5mPVNyby2sE9jBF6IYiYF85S35IVnxGUHF8oymi93JGX:4RtRWjYWw9Nyb8E9VF6IYijSJIVxINGX
                                                                                                                                                                                                                                        MD5:5BBDB5177872D6056A16156D1054629A
                                                                                                                                                                                                                                        SHA1:C406A78F21B73C98C1650DA863F62D9574CBC1B0
                                                                                                                                                                                                                                        SHA-256:FDC5C25D74B42D5394A957A2BF76C892A79C14F0EB47365AA7658D614367009F
                                                                                                                                                                                                                                        SHA-512:C6BC4FA6D4C5B503D596B54BEB4BF22B831622499C2176FD677304CD1444D21605BF1F39A4B02EE319C2C04255B17F6DAA48B0087B61DBB6B577CF55DF599376
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............*... ...@....... ...............................h....@.................................x*..O....@..@...............((...`......@)............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................*......H.......P ..p....................(......................................BSJB............v4.0.30319......l...@...#~..........#Strings....H.......#US.L.......#GUID...\.......#Blob......................3..................................................-.....-.........M...........[.................'.....@.................[.....*...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.9...K.Y...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Debug.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.891333615519176
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ZeWnoW7zNyb8E9VF6IYijSJIVxG1+M1v9:ZnJvEpYi601M/
                                                                                                                                                                                                                                        MD5:492474182461AD44627970F9BDA3353A
                                                                                                                                                                                                                                        SHA1:4615E954172D1CAEA1E254972DC7F995231B0C79
                                                                                                                                                                                                                                        SHA-256:54BB3F2B00F95B924EEB7896B0A2F00DF47BE6B5A35535523CE04EC3DB26B586
                                                                                                                                                                                                                                        SHA-512:2EF0B4E7CB9707C34BD8A1069D4AAB1E5D1B97857D93F12F3C76F985B69F946B7D0CEB7532E155D24D58CBECDD96A6C10793DE07EABCB2379C61BCC3BAFC5882
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ...............................k....@.................................X)..O....@..$...............((...`...... (............................................... ............... ..H............text........ ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B.................)......H.......P ..P....................'......................................BSJB............v4.0.30319......l.......#~..X.......#Strings....,.......#US.0.......#GUID...@.......#Blob......................3......................................K.........]...........d.............o...".o...?.o.....o...}.o.....o.....o.....o.....h...-.o.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.5...K.U...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):99368
                                                                                                                                                                                                                                        Entropy (8bit):6.2367181096327435
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:qTDoXrtUaK/XIg+rZAXj8s9HaWt9LuOw9VHHV55aTwWbaD763K4:CitRK/XIgIZAXjD96WfLtGdM5baDI
                                                                                                                                                                                                                                        MD5:E436018D154260FB2AC921477F8E31A1
                                                                                                                                                                                                                                        SHA1:78330AC1C3D16B6A84954E0FCB05EF81C2AAB773
                                                                                                                                                                                                                                        SHA-256:C294A1022777E2B3F9B30E6D0F25E0D0EC93EAFC08B120EB09A62D3A66F0CC6F
                                                                                                                                                                                                                                        SHA-512:531103448B34CD9914927B7037BE7BA55D4352C555566EA2B67EADDC1271E5D71474C789B0BAB6E7C2BD408A849340B68AA69AFD24AB91D80C3E8B4CFB3FE285
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v.#..........." ..0..R...........o... ........... ...............................-....`..................................o..O....................\..((...........n..T............................................ ............... ..H............text....P... ...R.................. ..`.rsrc................T..............@..@.reloc...............Z..............@..B.................o......H.......4................e.. ....n........................................{'...*:.((.....}'...*..0..#........u......,.()....{'....{'...o*...*.*v ..yN )UU.Z()....{'...o+...X*....0..:........r...p......%..{'......%q.........-.&.+.......o,....(-...*..{....*:.((.....}....*....0..#........u......,.()....{.....{....o*...*.*v ..:. )UU.Z()....{....o+...X*....0..:........r-..p......%..{.......%q.........-.&.+.......o,....(-...*..{/...*..{0...*V.((.....}/.....}0...*.0..;........u......

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.FileVersionInfo.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.849695340076211
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:F6oWJjWN3Nyb8E9VF6IYijSJIVxukIAFaS:F6vk7EpYi60J
                                                                                                                                                                                                                                        MD5:D6E6ABBB9F1D390F625547ABF8816006
                                                                                                                                                                                                                                        SHA1:022D2B079CFE2498C72DDE7E46E07A6AB5F34E00
                                                                                                                                                                                                                                        SHA-256:C9C9931BAE9A3AAAF026FCE5FA63B1A53E77C1848018D1738D5CE5435BF7E756
                                                                                                                                                                                                                                        SHA-512:06E902B78EF858CE31FF7AB77211872F0683D03E5A05C8BE9DAB24D41E885C555691B385C993BCB8A6D87E2D4C6746117B6748BA17351C6A6A158F98E346C81D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ..............................C.....@.................................H(..O....@..p...............((...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................|(......H.......P ..@....................&......................................BSJB............v4.0.30319......l...|...#~......(...#Strings............#US.........#GUID...$.......#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.$...C.?...K._...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Process.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.777208714139607
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Eqk53/hW3fZ+zWqyNyb8E9VF6IYijSJIVxjO0:Eqk53MmSEpYi60H
                                                                                                                                                                                                                                        MD5:541C108C06FDBC6FEAD67A016EF12FB7
                                                                                                                                                                                                                                        SHA1:0EE2C9A8741E723DE3864428CE137E6DB17A4B7D
                                                                                                                                                                                                                                        SHA-256:27EBC61FAB1EE87C8AC6D5D5F00C94625C01E3A105A5C7471075E66A342A3019
                                                                                                                                                                                                                                        SHA-512:0C5274B487C5EADA7968010F49A66D5464F095B7AC9B9553E5AB7568EFAAA672FB27A668E5F7EAF9323D1D12AA3A3CBEFB3D2108D91281EB6B915EAA93BE05BF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............**... ...@....... ...............................Z....@..................................)..O....@..0...............((...`.......(............................................... ............... ..H............text...0.... ...................... ..`.rsrc...0....@......................@..@.reloc.......`......................@..B.................*......H.......P ...................... (......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID...........#Blob......................3............................................................j.q.........~.................}.....3.....L.................g.....P...................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k...a.k...i.k...q.k.......................#.....+.....3.....;.....C.7...K.W...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.StackTrace.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17960
                                                                                                                                                                                                                                        Entropy (8bit):6.662038790195001
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:vFCc4Y4OJWfOWqWWOW7yNyb8E9VF6IYijSJIVxwON9ll:9CcyCrSEpYi603j
                                                                                                                                                                                                                                        MD5:10DF0D52BD08862FB41F2C8582288AB2
                                                                                                                                                                                                                                        SHA1:139BBFDD3A66EC2E784D018957CA20B53876F72F
                                                                                                                                                                                                                                        SHA-256:13643BB940237A53CAA30F1C003F10342CEEC98277E92C3A732477D51AD557CC
                                                                                                                                                                                                                                        SHA-512:1380E2D3674383679728387FFC34831EA63AB5CAC650C1560F8518BAA850F8129F2499BF21D561E2FB06DA0FCC8E30472553CE5137F114075639B4A2AD16157F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0.............N.... ...@....... ....................................@..................................-..O....@..................((...`......L-............................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0.......H........ ..4....................,......................................F.(....~....(....*6.o.....(....*6.o..........**.o.......*.~....*.~....*.BSJB............v4.0.30319......l.......#~..<.......#Strings.... .......#US.(.......#GUID...8.......#Blob...........GU.........3..................................................8.........*.h...m.h.....Z.....$...........Z...+.|.....Z...1.Z.....$.....$.......3.D.......|...F.|...c.|.....|.....|.....|.....|.....|.....Z...I.|...}.Z.....Z.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.875406955244284
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9AWxMWxiNyb8E9VF6IYijSJIVxMPtr8pa:9vjiEpYi604r4a
                                                                                                                                                                                                                                        MD5:A084DC9EAA9782BA85BB94D61D73028F
                                                                                                                                                                                                                                        SHA1:BE0EC4DE4E411637C955BE82182F79AD976EF059
                                                                                                                                                                                                                                        SHA-256:05D7F866C30747A14A6A853F4748379040394E2A44DCED7053484CE5008E44EC
                                                                                                                                                                                                                                        SHA-512:95D541599CF41681D98210A385828E3F86899B1014548907C5F902DFFCA671BCFA850B592F02DED2E7D62CA43E3281ACAFADD518E363BEC6F710BFCB9FA60ABC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ....................................@..................................(..O....@..................((...`......L'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..|....................&......................................BSJB............v4.0.30319......l.......#~......P...#Strings....D.......#US.H.......#GUID...X...$...#Blob......................3......................................z...........!...\.!...0.....A.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.,...C.G...K.g...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tools.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.8556365736617035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:7AlcWHaWOQNyb8E9VF6IYijSJIVxyoOVk:Q96oEpYi603Mk
                                                                                                                                                                                                                                        MD5:A1CC50DB46DD86DF240CC2A23B6BBAD6
                                                                                                                                                                                                                                        SHA1:463ADC4A19FE32A49331DE9B2C6D67EFA8CE1BE7
                                                                                                                                                                                                                                        SHA-256:302C98A9C7D98021ED1F31D8053835EA1D1B1625A9BC0E0367A730255F14F11E
                                                                                                                                                                                                                                        SHA-512:7DA514CFE77E38DDF394BD69FC285BE03EEF921142FB50031B00873532F3188ED75D491A5DA088518E29270B1C421AB9625683368DB78F3ADD3E95B42480B49D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ..............................~R....@..................................(..O....@.. ...............((...`......d'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......|...#Strings....p.......#US.t.......#GUID...........#Blob......................3............................................................`.....1.....t.................s.....).....B.................].........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.5...K.U...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.775846940237315
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zeIZnWlNWTaNyb8E9VF6IYijSJIVxpcstAgx:iUyo6EpYi60Pvx
                                                                                                                                                                                                                                        MD5:9671E55290BE36C3CD22D6A549922449
                                                                                                                                                                                                                                        SHA1:286C9D98A1520DFE23977BAC6FAC824C1E2694D8
                                                                                                                                                                                                                                        SHA-256:8BE085D0C8454FD84F57B36CF815288B68AD57021D581CC263110127AF0316B5
                                                                                                                                                                                                                                        SHA-512:C9DA2CE9B4EDF22FD871DE2555AE8A57D404D5A415857F90D6630FA372A5543A76E9C1425146FDE92A34C2184EE1C589AC5F8E0008635B7EFF23AF7FB250B5F7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............2*... ...@....... ..............................+.....@..................................)..O....@..P...............((...`.......(............................................... ............... ..H............text...8.... ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................*......H.......P ......................((......................................BSJB............v4.0.30319......l...\...#~..........#Strings............#US.........#GUID...........#Blob......................3............................................................t...................................=.....V.................q.....Z...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tracing.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25640
                                                                                                                                                                                                                                        Entropy (8bit):6.491261723097907
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qlQnCMi33333333kj8xe+5PTYM3zUy+CezHjzgKj0uRWOdWmWJdWZ+Nyb8E9VF6K:AQq33333333kX+TBi8OGEpYi60/T
                                                                                                                                                                                                                                        MD5:B3662B640160F37317BBAE869DBA68F3
                                                                                                                                                                                                                                        SHA1:47D6CF7158EE942AFF3503ACA9CC72B4A3457264
                                                                                                                                                                                                                                        SHA-256:5A1B51984ABDA1A9BF710A7B475BA3CF4377B18044B01313683B19A6DE84A8CE
                                                                                                                                                                                                                                        SHA-512:44647F1142741F424459301CD03DB1AE0CB383F016F00C1C22DBEBB083861E12B32DC946004913E125C39C4A7458D8E945AE6A46F155C95132E0A1FCA58A730E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0.............RM... ...`....... ....................................@..................................L..O....`..x............<..((..........PL............................................... ............... ..H............text...X-... ...................... ..`.rsrc...x....`.......0..............@..@.reloc...............:..............@..B................3M......H.......8*...!...................K.......................................0..H........(.....-.r...ps....z.-.r...ps....z.(......}......(#...}.....{.....o....*"..(....*....0..Z.............%.r#..p.%..{.....%.rA..p.%..{..........%.rS..p.%..{....l.{....l[...ra..p(.....(....*&...{....*.0..4.................}......+....{.....".......X.....{.....i2.*.0..k..........{........{..........."....(.......X....{.....i.0%.(..........(.....(.......,..(........"....3.....}....*.......=..M......

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Drawing.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.849594226945824
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:c28YFlXulWY/WGONyb8E9VF6IYijSJIVxKD9Cs7:c0qX2EpYi60i7
                                                                                                                                                                                                                                        MD5:E5FD46755DB68482AAC91448007B7EF1
                                                                                                                                                                                                                                        SHA1:924B322CCBDD9BC877D9AD0938469DAEBF42FFFB
                                                                                                                                                                                                                                        SHA-256:0685FBBED961D709397949761A74E03D23C91A1386AED35B7D603265FE671CD0
                                                                                                                                                                                                                                        SHA-512:CC35F27872FEE334300226DB72DA4B2FA0A7BCBB56182CF5C41A0937B7F9B9C38BD261F4455608BFAAA6001C0BD299F2706F407A2F6275E88EC7602D932C108B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ..............................9.....@..................................(..O....@.. ...............((...`......t'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~..,...P...#Strings....|.......#US.........#GUID...........#Blob......................3......................................................~.....R..... .....f.................e...........4.....}...........O.....8...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.6...K.V...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Dynamic.Runtime.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.728260171249145
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:AuMLcdQ5MW9MWYONyb8E9VF6IYijSJIVx3djz:dOcSpS2EpYi60h
                                                                                                                                                                                                                                        MD5:16058CE2B1E71FFB59B1B3AF098B45D6
                                                                                                                                                                                                                                        SHA1:8A3A8393790B5DF0110308E1457F479B776F4643
                                                                                                                                                                                                                                        SHA-256:F49DEB25BBE363AB05CF8D0746C6B7968BE017994A38287C6F7DF720F3735753
                                                                                                                                                                                                                                        SHA-512:D2D4CF48E16D98DA4CEF3AC1C451C8FB6354E2EB2116D12910E38E229A3FECD7111FC88C9A20D97DBA633B9B73A4AF236BCD97F9816B3155E50A84C6B8DAF66A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............,... ...@....... ..............................S.....@..................................+..O....@..................((...`.......*............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l.......#~..p...0...#Strings............#US.........#GUID...........#Blob......................3................................................;.........................$.....$.....$.....$...[.$...t.$.....$.....$.........g.$.....#...........e.....e.....e...).e...1.e...9.e...A.e...I.e...Q.e...Y.e...a.e...i.e...q.e.......................#.....+.....3.....;.....C.3...K.S...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Calendars.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.8132103569800675
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VZ7RqXWDRqlRqj0RqFWqENyb8E9VF6IYijSJIVxVaC7C:z9qKqjqjuq5kEpYi60LC
                                                                                                                                                                                                                                        MD5:935B3F4DCBFF7BBD52913D0F7EAAFBA9
                                                                                                                                                                                                                                        SHA1:1D733AD56E1CDC7DE2779F63ED2EFE9FD1E45C2F
                                                                                                                                                                                                                                        SHA-256:8ADDFEC47A19651E12512201A0934918B987C49CB99D76240CE3A1F9F0E5CF34
                                                                                                                                                                                                                                        SHA-512:8801B708FC1074036B97AE888C7A0084D25F805D599C1A76B293BE63038C36A997069D2B6B7889CE13AC7A2F2681D2C82BCE2AA9B72FE34BD3C4BD771E1CDAC4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............*... ...@....... ...............................`....@.................................X*..O....@..P...............((...`...... )............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................*......H.......P ..P....................(......................................BSJB............v4.0.30319......l...L...#~......l...#Strings....$.......#US.(.......#GUID...8.......#Blob......................3......................................z...............\.....0.....%.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20008
                                                                                                                                                                                                                                        Entropy (8bit):6.628083630487221
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:0NBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9W7eNyb8E9VF6IYijSJIVx3oNZ:0vMhF2SzNzwu/NljuQmEpYi60MQa
                                                                                                                                                                                                                                        MD5:483D7EFB2ADC512ED1563B35B9B3EFD5
                                                                                                                                                                                                                                        SHA1:8E722995213EC350A5C7EFF9E5051055FF620830
                                                                                                                                                                                                                                        SHA-256:C25F19BAECAAA43BC0F66CBE2A4D62667F63480A69E6D2F283C39CF0C29575DD
                                                                                                                                                                                                                                        SHA-512:90D47C1B3F5FEC620D4EED5623AABF0749FC6CE76946F10ABEABDCAB57F70D98B16F4D5D033F5C945B8C5364B3C64EE329775B6AB01541BAB17B790770F8AA4E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............6... ...@....... ....................................@.................................a6..O....@...............&..((...`.......5............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................6......H........"..H............4......(5........................................o....*"..o....*..o....*"..o....*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*2r...p.(....*......(....*...0..K........-.r1..ps....z. ...@3.(....*. ....3.(....*. ...._,.(....rI..ps..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.9010962408519045
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:HZ4RLWdRfRJ0RZWDeNyb8E9VF6IYijSJIVxlyU4D:HZK0pJuImEpYi60o9D
                                                                                                                                                                                                                                        MD5:049F4C96D31A5E6B98B5D637F00C1C32
                                                                                                                                                                                                                                        SHA1:133CBD6A89A92AC4CD29A632A065B33D7EAF3EC4
                                                                                                                                                                                                                                        SHA-256:DD1833786DA36E28E56E8B213C793CD57F18D9A3178C6849421AFD1054DBD499
                                                                                                                                                                                                                                        SHA-512:E6E1250556CFF2905D299E9BFD173204B458D00F9F3A1D1027950D6C3691BFD4084189F296C73F2635F92D5D4CBE4B8A17A2FBC19932501403F9BA1A04BBAF07
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ...............................5....@..................................)..O....@..................((...`......h(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3......................................................m.....A.{.........U.................T...........#.....l...........>.....'...................u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u...a.u...i.u...q.u.......................#.....+.....3.....;.....C.1...K.Q...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.79493567439118
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:pYWsmWIyNyb8E9VF6IYijSJIVx39m93xf:p2wSEpYi60QLf
                                                                                                                                                                                                                                        MD5:DF8B1FEAD5A4F0105FA1F2E8C5846C32
                                                                                                                                                                                                                                        SHA1:42543F56C95297347741D83B2895089071BA0165
                                                                                                                                                                                                                                        SHA-256:849BE6985BE9E724F51B1E49A4458B0CDFA39BBE34C14856673145ADF453FC61
                                                                                                                                                                                                                                        SHA-512:A0F1C331C51F028596FCCA91BA911D4E028A5749B51CCAD7CA718D1413649A244D4CAC6F9653C83AD593FBA7588B391BFE5DA19DEB2DD23E647139C211FC878E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............*(... ...@....... ...............................3....@..................................'..O....@..@...............((...`.......&............................................... ............... ..H............text...0.... ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................(......H.......P ...................... &......................................BSJB............v4.0.30319......l.......#~......D...#Strings....8.......#US.<.......#GUID...L.......#Blob......................3......................................................z.....N.....".....b.................a...........0.....y...........K.....4...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........:.....C.....b...#.k...+.k...3.k...;.....C.....K.....S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):105000
                                                                                                                                                                                                                                        Entropy (8bit):6.382223209570539
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:Svc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXBA76GQ:Ogk1tiLMYiDFvxqrWDWNoJXBAw
                                                                                                                                                                                                                                        MD5:4D5373B6A808F58896D8ECA2336AFD01
                                                                                                                                                                                                                                        SHA1:8A2D965974BE510616A1B689064D52C82307F142
                                                                                                                                                                                                                                        SHA-256:F057B5B2405F7C094FDE00200F813280BAA6E2323CA55450547042F15B2EFE25
                                                                                                                                                                                                                                        SHA-512:D6C217672649826C9D8BA2A5626F351494D3533F8F8F651064D9E2B7D8D4E75922B1FB87624B1B2FDD59C4C130D3359F3E189E6A04732972A69813D5BB7D3F88
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..d...........W... ........... ..............................&w....@.................................5W..O....................r..((...........V............................................... ............... ..H............text....b... ...d.................. ..`.rsrc................f..............@..@.reloc...............p..............@..B................iW......H........................9.......V......................................j~....%-.&(I...s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*2r...p.(....*2r7..p.(....*2rs..p.(....*2r...p.(....*2r...p.(....*2r...p.(....*2r=..p.(....*2r_..p.(....*2r...p.(....*2r...p.(....*2r...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.DriveInfo.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.852952043693082
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:XKcuz1W1cWliNyb8E9VF6IYijSJIVxLnd9f2S:Fu8niEpYi60beS
                                                                                                                                                                                                                                        MD5:53D21921EFE5BBFFAF3146D0085D7D00
                                                                                                                                                                                                                                        SHA1:5A927CD487E88E62836BF2268F3475E49733BF8F
                                                                                                                                                                                                                                        SHA-256:24A261F2686F7356E10775FB50D757C52CE60C8CCF534301A87C95CDF5C82DEA
                                                                                                                                                                                                                                        SHA-512:403DB78A35F9EB212FF7B0FDDBBEB0D62EF0307E9E0CDBDA5814666C03DC710D5277D042F8C3D5E10471DA310BCF1D978CCC802B99A66546832A41DF645009EC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ....................................@..................................(..O....@..P...............((...`......H'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P ..x....................&......................................BSJB............v4.0.30319......l.......#~......H...#Strings....L.......#US.P.......#GUID...`.......#Blob......................3......................................................p.....D.....9.....X.................W...........&.....o...........A.....*...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.860170703382652
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:i+SWikW0uNyb8E9VF6IYijSJIVxAd562Dn:i+eGWEpYi60Cbn
                                                                                                                                                                                                                                        MD5:8A1D6584F6699495D216CE48FC51CEC0
                                                                                                                                                                                                                                        SHA1:216DE8412ACC0B0F518DF2A054C16F8D06F738D8
                                                                                                                                                                                                                                        SHA-256:38CF660842803C4A0857F867084818A4142B25E03523998353574AEE007714FF
                                                                                                                                                                                                                                        SHA-512:02C91FD17F37AA0FE6083F5408B992A8D73CF67C164AF3373DCB90CFFF85198AAF3FC259DB954532F74A03A222858E38E83424610F4AF9C2032E0624CBDB8E8A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ...............................^....@..................................(..O....@..P...............((...`......d'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......X...#Strings....h.......#US.l.......#GUID...|.......#Blob......................3......................................................y.....M...........a.................`.........../.....x...........J.....3...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.!...C.<...K.\...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Watcher.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.905045898726266
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:aDxxhREWzgW5APUNyby2sE9jBF6IYiYF85S35IVnxGUHF76am9/fr:iAWzgWSsNyb8E9VF6IYijSJIVxXej
                                                                                                                                                                                                                                        MD5:8A767C64807803EE2157ECED3EAB4F40
                                                                                                                                                                                                                                        SHA1:6F43F7316CC9C0D076D34AA8FDA46000F49D401A
                                                                                                                                                                                                                                        SHA-256:837590D809B2A96F1419C5679D80FA2754FA834F2A334757C42DC466A048EE5E
                                                                                                                                                                                                                                        SHA-512:C6966CA4F0F40BEE5A4ECA7F6447AA5589879E40EFEE78116E684F4CC824FF2E4F4DBB22A4C387CE4D9924BF5CABDE6E8CD9E6CCCB60D89FFF1D500BD83C1485
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ...............................~....@.................................p)..O....@..@...............((...`......8(............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................)......H.......P ..h....................'......................................BSJB............v4.0.30319......l.......#~..d.......#Strings....@.......#US.D.......#GUID...T.......#Blob......................3..................................................C...f.C...:.0...c.....N.................M.................e...........7..... ...................*.....*.....*...).*...1.*...9.*...A.*...I.*...Q.*...Y.*...a.*...i.*...q.*.......................#.....+.....3.....;.....C.9...K.Y...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.86496439626087
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xBLRWbYWziZNyb8E9VF6IYijSJIVx7cB0k:xB2xi9EpYi60YP
                                                                                                                                                                                                                                        MD5:A7AEEE4138CB59CCD273DBD2E0E79D9A
                                                                                                                                                                                                                                        SHA1:31C9C6E1E50CA1C39D924ACE1E8E4C642A687431
                                                                                                                                                                                                                                        SHA-256:6F46D4AFCC2EF8B44B7A775837F01E7EDD92E2A2A6FEDAD769FF28C7EA7C6D3A
                                                                                                                                                                                                                                        SHA-512:4A7756E5F66857C9CDAF9E80E8AABDC234E0091E6C23A146B77FE88F54776E25B1E673827E5E0CA65F1B34E7A02671268BD1780DC7966CEFAE343977ECDC4CF2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............b)... ...@....... ..............................oN....@..................................)..O....@..................((...`.......'............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................D)......H.......P ......................X'......................................BSJB............v4.0.30319......l.......#~..X.......#Strings............#US.........#GUID...........#Blob......................3................................................../...z./...N.....O.....b.................a...........0.....y...........K.....4...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.1...K.Q...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.8507567406121606
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:HZxcMRW4/W5TPPNyby2sE9jBF6IYiYF85S35IVnxGUHFyF5ypzB:jHW4/W1HNyb8E9VF6IYijSJIVx+8V
                                                                                                                                                                                                                                        MD5:11583B81A132095BE2553F4253FFE986
                                                                                                                                                                                                                                        SHA1:B8D126B7A3F4656A9AE66761BB6CD6949C1B120D
                                                                                                                                                                                                                                        SHA-256:6971DB538DF637710C89BB3036CD347402E40492CFB7EB49854227C9D49ABF8D
                                                                                                                                                                                                                                        SHA-512:FA28628BCFCF5F5A271C7D690C96C9FEC12001DCE3BA15BC275E56480AC18189C7023B952330DB806F53C941DB196F6A264A5CB8B1E68BE9A5BCC7430CF1FA2F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ..............................s<....@..................................(..O....@.. ...............((...`......X'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......\...#Strings....`.......#US.d.......#GUID...t.......#Blob......................3..................................................+.....+...^.....K.....r.................q.....'.....@.................[.....D...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.6...K.V...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.909698580195596
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CYvkRxpHWmCW5IPRNyby2sE9jBF6IYiYF85S35IVnxGUHF6qPQ:jvk7hWmCWKpNyb8E9VF6IYijSJIVxuOQ
                                                                                                                                                                                                                                        MD5:29CF4ABD4ED3C2A7D09C5C3EB6E5A9EC
                                                                                                                                                                                                                                        SHA1:6F07AF36D1E1E296F360790FC37587AD5CBDDABC
                                                                                                                                                                                                                                        SHA-256:06BE89325BAD5BD4122CD3893FF97D16605BC09E15A4B192DB8CA05203C4C8ED
                                                                                                                                                                                                                                        SHA-512:6E0663EA3D4FEEE1C8BB3D31B913091643D68B7537AA796FE403787AA8C8FF62E8A4140C929BF46483B4FF245F3F06C789195E43CDF2656A0ED04DE0337F42B7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ..............................y.....@.................................h)..O....@..0...............((...`......0(............................................... ............... ..H............text........ ...................... ..`.rsrc...0....@......................@..@.reloc.......`......................@..B.................)......H.......P ..`....................'......................................BSJB............v4.0.30319......l.......#~..H.......#Strings....8.......#US.<.......#GUID...L.......#Blob......................3................................................ .C.....C...w.0...c.............................@.....Y.................t.....]...................*.....*.....*...).*...1.*...9.*...A.*...I.*...Q.*...Y.*...a.*...i.*...q.*.......................#.....+.....3.....;.....C.8...K.X...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Pipes.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.875163574516282
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:GUiW2xf+C/WCUW5wP5Nyby2sE9jBF6IYiYF85S35IVnxGUHFLZiDOvs:0GMWCUWiBNyb8E9VF6IYijSJIVxRxE
                                                                                                                                                                                                                                        MD5:470DB4BFE7A89CD96F38B3F12DE58C8B
                                                                                                                                                                                                                                        SHA1:5EC096244022021F28AEFD534E4CA7A1C4ECB418
                                                                                                                                                                                                                                        SHA-256:AA7F7643BCD4A35D4A49C96B598B952D479E83136C287D6794AF2B092BC3A7F5
                                                                                                                                                                                                                                        SHA-512:291EA1AF40E673D8A81C13DA93229657BED8E1EA763AFD180DD68302E9A4C09A21E59147670564C50F733AD1DCA1858EE9DFF110D2C8AD5CD13DDC3E59483BAB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ....................................@.................................@)..O....@..................((...`.......(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................t)......H.......P ..8....................'......................................BSJB............v4.0.30319......l.......#~..X.......#Strings............#US. .......#GUID...0.......#Blob......................3..................................................].....]...T.J...}.....h.$.....$.....$...g.$.....$...6.$.....$.....$...Q.....:.$.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D...Y.D...a.D...i.D...q.D.......................#.....+.....3.....;.....C.,...K.L...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.UnmanagedMemoryStream.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.856598427079228
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:TBhwI7WSQWEQNyb8E9VF6IYijSJIVxCtglWu:TDwIBSoEpYi60n
                                                                                                                                                                                                                                        MD5:E6D143B54F697EED02B42E6007AF16B1
                                                                                                                                                                                                                                        SHA1:F0405BB9FCC8F0E49DBD8015C975C07FE4A3522A
                                                                                                                                                                                                                                        SHA-256:A2F2615224D8B72EF36FB575511E79405BFE0D17EE56A9C8A688096984D06508
                                                                                                                                                                                                                                        SHA-512:92F060494E8841C468014D5E0651534AD2429BD070B803D0DF6F9A31A50609D8DB582794DB1674DF78B7DDB344EE852F27A98FC81A0710271FBA4531579DFA00
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ....................................@.................................l(..O....@..P...............((...`......4'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P ..d....................&......................................BSJB............v4.0.30319......l.......#~......D...#Strings....8.......#US.<.......#GUID...L.......#Blob......................3......................................................f.....:.....2.....N.................M.................e...........7..... ...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.!...C.<...K.\...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.867121675573712
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:QyvPRW4lWvKNyb8E9VF6IYijSJIVxnKoxt:R39oKEpYi60r
                                                                                                                                                                                                                                        MD5:3BBD93806959285D0FA7A7B78AA8280B
                                                                                                                                                                                                                                        SHA1:BCFB697B9BD36EF0CBC637BFC672FC7EC0A7252A
                                                                                                                                                                                                                                        SHA-256:540FA4BC8DF4D9EB350F1A95FFD8872AA7781342E3005DF895342C459F97E205
                                                                                                                                                                                                                                        SHA-512:F7B5C5F38D5AFBE7B4A7FD578C2C894E190EE644F469EC0DA71E540ADD913ED424D45D0D481E500157B93962E34DD1D9CD4A582A54E714C360F6C150398530C9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ...............................i....@..................................)..O....@..................((...`......l(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l...L...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................................f.....:...........N.................M.................e...........7..... ...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.&...K.F...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Expressions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.821046316109917
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:+6RW6eWX8Nyb8E9VF6IYijSJIVxiAKnbx:+67XcEpYi601KF
                                                                                                                                                                                                                                        MD5:4F0FC3B76A86526C650A9B0684B95245
                                                                                                                                                                                                                                        SHA1:1DC27EE1F71EFD96B4435942B7D9959FC160303C
                                                                                                                                                                                                                                        SHA-256:6B7FF38F8F95CAD304A82F7D709FC9270950DCD1E99E0C52466DD3AD5A6FAA11
                                                                                                                                                                                                                                        SHA-512:3CF0A39B32F9CC4DA14FE0031A7C704EA835AD06840DA70B390D9C857AB7B916ADAC06D61DB0F7BB4EB271547A9F1EF7BC1BD80934E3149E9A08FC6A603CB1F9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............-... ...@....... ..............................E.....@..................................-..O....@..................((...`......P,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P .......................+......................................BSJB............v4.0.30319......l.......#~..\.......#Strings....\.......#US.`.......#GUID...p.......#Blob......................3......................................5.........c.............z...............(.....E.....................................Q.........../...........b.....b.....b...).b...1.b...9.b...A.b...I.b...Q.b...Y.b...a.b...i.b...q.b.......................#.....+.....3.....;.....C.4...K.T...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Parallel.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.854836920097815
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3SUP9W70WxhNyb8E9VF6IYijSJIVxu1RV7z:iUe/lEpYi600/n
                                                                                                                                                                                                                                        MD5:45D93C6FA649F9204D74AB1899F1C3D9
                                                                                                                                                                                                                                        SHA1:4A0C650FF3D91738B737D485A53E48917E55487C
                                                                                                                                                                                                                                        SHA-256:911640CC89978360175AEBEBAC93B0A00A66431516E2B9DB37EFBEFDD1AA909D
                                                                                                                                                                                                                                        SHA-512:3BD47D5CDB8C4215B9F45575A949378448F68A79B3C0FC74C44C5DED890E82C42D0966C504AAC82CA2C29FD0D4C4E92901FAB8A8B68B6C23B7DDF49CA1E5689D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ..............................*.....@..................................(..O....@..................((...`.......'............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..,...x...#Strings............#US.........#GUID...........#Blob......................3..................................................&.....&...p.....F.............................9.....R.................m.....V...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.1...K.Q...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Queryable.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.851374926476131
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:t8yg07W0/WtTNyb8E9VF6IYijSJIVx/ou16:tBHEPEpYi60AW6
                                                                                                                                                                                                                                        MD5:2663088236918D37AB0812F458B43C67
                                                                                                                                                                                                                                        SHA1:742477CC66DF985769A06A52F4B9493162851677
                                                                                                                                                                                                                                        SHA-256:FD830178DDDF42D3CFA029D0C7A1F5F47A9988D21D35EB3F6E0BA6E21F24648E
                                                                                                                                                                                                                                        SHA-512:DD2BFFDDB1048EBD4E4F4A6E6E5D4FD87A519B3C9156CBD2192B2EDBBC97D6FD170861AA9644E881722746D0ABDCDD4DB06B9200664B04EE55B909854610C36A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ...............................'....@..................................(..O....@..................((...`......x'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~.. ...d...#Strings............#US.........#GUID...........#Blob......................3.................................................."....."...m.....B.............................6.....O.................j.....S.......(...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.2...K.R...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.817087250089017
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Ge1WmRWgFNyb8E9VF6IYijSJIVxaxg342:GejjBEpYi60qmZ
                                                                                                                                                                                                                                        MD5:B9DDD406A59FAC863D622344082882DE
                                                                                                                                                                                                                                        SHA1:9AFA510A8BD068824AB74F43AB5877A266A4D8FE
                                                                                                                                                                                                                                        SHA-256:F7CC702EC5A643680DB4CE7891B26937D391F9243F46E3FD6025922783CD2B36
                                                                                                                                                                                                                                        SHA-512:50094E44D92E7AF66B02F2BCBAD855B4F63B7CDE8255C7CB5100146A3CE8D5B96D70BFA707507AE93228E0211F4C8D39B3DE32934BC35047DDE9D476EE227236
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ...............................|....@.................................p(..O....@..................((...`......8'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..h....................&......................................BSJB............v4.0.30319......l.......#~.. ...0...#Strings....P.......#US.T.......#GUID...d.......#Blob......................3............................................................f...........z.................y...../.....H.................c.....L.......,...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.(...K.H...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Memory.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):142376
                                                                                                                                                                                                                                        Entropy (8bit):6.161293995450423
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:XUGrszKKLBFa9DvrJGeesIf3afNs2AldfIlqM:eBFd3/aFs2t
                                                                                                                                                                                                                                        MD5:47A13DDA83D02C5B8338A7FC0522A0AD
                                                                                                                                                                                                                                        SHA1:CFF0D0F4B2815E15CC697D199DDAE1579BB4E0A1
                                                                                                                                                                                                                                        SHA-256:2C9775BCA72A1EBACDDF92213E97D10C5BC246BCCB19CD1E0557C811EED5B01F
                                                                                                                                                                                                                                        SHA-512:55BF83CDD4F1664E248C686FE4E2FD9BA748531A35A7352813AA0D6BCBC97C55914A9677FD7B313970291DE5994296D802037ED7F0274A52E599E922E6E5B54D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`............@.................................X...O.... ..0...............((...@...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Http.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):192552
                                                                                                                                                                                                                                        Entropy (8bit):6.114424648358427
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:neruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgSbM:6W60VcTvakcXcApOc
                                                                                                                                                                                                                                        MD5:D85FEADEBF972203EDE6DDCBDD751A64
                                                                                                                                                                                                                                        SHA1:4156CFE6BC213CC6FC3F6C603F58F91D8519669D
                                                                                                                                                                                                                                        SHA-256:0BA6A020A4288400FAEE2AF447E1D92F29F00EF60BE326E52D211E3FB71453AD
                                                                                                                                                                                                                                        SHA-512:9FA089626EC8F126F3C36C7232B64A2162B4BDE22396A4D3C18A4003771D8D66C48759670FA206891CC5A710C4CFABD6EF93A51943EEE9576502CADC8F3E3B1A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0.................. ........... ....................... .......#....@.....................................O.......h...............((........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................H........$..H...........$....,...........................................0..,........ ....1.r...ps0...z.............(.....s1...*.0..l........J.2..J.o2...2.r...ps0...z..Jo3....%36.o2....JY.2*..J.Xo3.....J.Xo3...(...... ........J.XT.*...J...XT.o3...*..o2....Y./..*..o3....%3 ...Xo3......Xo3...(.... .......*.*..0..=..........J...XT..%....J...XT.~..... ...._.c.....J...XT.~......._..*....0............02...91...A2...F1...a2...f1. ....*..91...F1...aY+...AY..X+...0Y...02...91...A2...F

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NameResolution.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.836541771573711
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:DZsxgyrWYLW5HP4Nyby2sE9jBF6IYiYF85S35IVnxGUHF5LxLFsX40R:N6ZWYLWBwNyb8E9VF6IYijSJIVxNNLeX
                                                                                                                                                                                                                                        MD5:9028310FF5626D8C5A8AF8815A476744
                                                                                                                                                                                                                                        SHA1:3CFD3BB1B9741EFDDDFC99ACEF4B410ADB9FFE2A
                                                                                                                                                                                                                                        SHA-256:E0CD510CF6EA9A61449CA9FA704A8F32C2DA895226AF7244EEC08004E3A0F738
                                                                                                                                                                                                                                        SHA-512:0B09C0A5EABDBF9EA8FDD3756DFF4F5E02C2A97425AAAE534D2F3A415AD736C47EC4665202C0566ACDCE26AB04D965B6707AF457082E1442A80F23AC0EA35F43
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ....................................@.................................T(..O....@.. ...............((...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P ..L....................&......................................BSJB............v4.0.30319......l.......#~......0...#Strings....$.......#US.(.......#GUID...8.......#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.6...K.V...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NetworkInformation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.790953969555689
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:t1W1WMQWkMNyb8E9VF6IYijSJIVxuHDMT:C1yMEpYi60uQ
                                                                                                                                                                                                                                        MD5:1DD38B6E246413ABA656A43913B77059
                                                                                                                                                                                                                                        SHA1:71C61475D59CC97DFA2946B7A7B51B5F24249EC7
                                                                                                                                                                                                                                        SHA-256:61DA35C1B73ABD565CFDC47D4B9019F681CA4F23E8EE36ACAE752F73CADE5377
                                                                                                                                                                                                                                        SHA-512:DF4D8BDD4DB5FCE7C5C1C6F8FAA066CFEAA4370C93F3EADBA27270E4994DE7A36F1F676C5227CF5359FCDA7EA3DE87AD36742ABE774A44A3A7736363A9ED07CD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............,... ...@....... ...............................+....@..................................,..O....@..@...............((...`......p+............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l...<...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3................................!...............E.................%.................'...........e.....~...........................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.:...K.Z...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Ping.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.831030175823516
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:6Q/rx72WSKW5TPZNyby2sE9jBF6IYiYF85S35IVnxGUHFA/PQq7O:ZdSWSKW1BNyb8E9VF6IYijSJIVxsQv
                                                                                                                                                                                                                                        MD5:4BD03CE10E027EA6FCBF363408B2D635
                                                                                                                                                                                                                                        SHA1:5AE8496EB6A6BB1C7EBBA18C5CB185E5B7C06607
                                                                                                                                                                                                                                        SHA-256:0B2958F63802C93F92D9A11DDC5DDCC5ADEF96FD76A2FC815B855BB45E2D1AD8
                                                                                                                                                                                                                                        SHA-512:B573C33D95BAF36C7C7EEC0B92441260ED029144853D5A8F70E809B881E5DB55E4C0C352857E3371AFA383D912D3F50B6911A02F74A808FE2A86B4C94C9B70F5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ...............................x....@..................................(..O....@..................((...`......X'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~.. ...L...#Strings....l.......#US.p.......#GUID...........#Blob......................3......................................................\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.,...K.L...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.745241534522964
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zJEYA2WkIWcqNyb8E9VF6IYijSJIVx1IZW2kC:zyYA8CqEpYi60+ZH
                                                                                                                                                                                                                                        MD5:0F2F35CF406093A3515D1903E625D4FC
                                                                                                                                                                                                                                        SHA1:329644B8B9AA08DE7EE8D4A2EF6104E39443FB44
                                                                                                                                                                                                                                        SHA-256:4F2556DB1097C0AFE1BFA39B8AAC464BFE6EE0A1C11A9E5E6C7A8CF4801A64F7
                                                                                                                                                                                                                                        SHA-512:86532AEEBD0344CE2A603986F5C0D5D52DB9528A2ED93BC7C1B531FB93ABEFB639D5AE89838F2E720059714F4E01468A0AB7BD452648BBF88CB52D7DDA4C4F7C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............r,... ...@....... ...................................@................................. ,..O....@..................((...`.......*............................................... ............... ..H............text...x.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................T,......H.......P ......................h*......................................BSJB............v4.0.30319......l.......#~..|...x...#Strings............#US.........#GUID...........#Blob......................3......................................$.........N.U.....U.....-...u.................0...........n.........................>.......................'.....'.....'...).'...1.'...9.'...A.'...I.'...Q.'...Y.'...a.'...i.'...q.'.......................#.....+.....3.....;.....C.2...K.R...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Requests.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.874609224447225
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3JGWe4WTYNyb8E9VF6IYijSJIVx5OCvRh:ZmRQEpYi60BD
                                                                                                                                                                                                                                        MD5:11A7A2FD3AF4EBAB476480C6B9844D10
                                                                                                                                                                                                                                        SHA1:BA546C98FF9D2228A6535D45B8A1096CAB5E7E8B
                                                                                                                                                                                                                                        SHA-256:1EBEBB93F3ACC1C6621D4D5B118D0C3D9F24D615EA450E62A6617C16EF78745A
                                                                                                                                                                                                                                        SHA-512:6E7315EEEC8E9B6D57667F57D9D952F5CD563477D26E8ECE918305451FC07B9DB041156C2716C4EE74FFFD2035BFA56D975492A37E445F88BB6759E42B9F0F0A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ..............................Pv....@.................................0)..O....@..................((...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................d)......H.......P ..(...................x'......................................BSJB............v4.0.30319......l.......#~..d.......#Strings............#US.........#GUID...........#Blob......................3..................................................4...~.4...R.!...T.....f.................e...........4.....}...........O.....8...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.0...K.P...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Security.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.7866056000100725
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:NdW1w3WesWn3Nyb8E9VF6IYijSJIVxV4ML3:q1wxd7EpYi60+O
                                                                                                                                                                                                                                        MD5:E99749C2D6855F01AF07726518259C25
                                                                                                                                                                                                                                        SHA1:01923DA1D66638C061F46641EA916EC7AE74738F
                                                                                                                                                                                                                                        SHA-256:67D6A4D61AC7B1D3DFD855DA099899C08BBBC224C3C68B29C74D7E60216EE718
                                                                                                                                                                                                                                        SHA-512:87736819EE103D35F18CA3BFC371752EEECF27E725EB9E3A73EFD21480BE04B5002E0D35F41B82DE009731D8F9999508EE1FB5BB7FB36879B92E4CF3020762E3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............~*... ...@....... ....................................@.................................,*..O....@..................((...`.......(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`*......H.......P ..$...................t(......................................BSJB............v4.0.30319......l...$...#~......t...#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0...........D.<.....<.....<...C.<.....<.....<...[.<...x.<...-.......<.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.0...K.P...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Sockets.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24616
                                                                                                                                                                                                                                        Entropy (8bit):6.593818167121892
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:AylNGlfdqj5531HJTABhf8g2MkO1ICMbmiT2Y4Y3ocWS9sWvW8YsW1gNyb8E9VFP:Ayp12Bhkg3qnV/srYEpYi60Rr
                                                                                                                                                                                                                                        MD5:E3238BA54E79B27CC6E7EBF902556D09
                                                                                                                                                                                                                                        SHA1:F8BC1F7D512657E9B0E5CDBD7843AB4101D2EA33
                                                                                                                                                                                                                                        SHA-256:D16AD1F3B3D97BA1331204060013A3CE898594BCE31CA84F700613D880525245
                                                                                                                                                                                                                                        SHA-512:AD8E1BAAF7B75B5AFE5800201D1BC26E9C9565BAECC13EDCE367FB7BF2A53D1B15E6B25380A31100B28213ECC1B03C8108DBAFF53EBCF5652E8E9A0C3CD0E3EF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..*...........I... ...`....... ..............................m.....@.................................gI..O....`...............8..((...........H............................................... ............... ..H............text....)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............6..............@..B.................I......H.......H(... ..................HH.......................................0..J.......(....~....%-.&~..........s....%.....~....%-.&~..........s....%......o....*...0..L.......(....~....%-.&~..........s....%.....~....%-.&~..........s....%........o...+*.0..K.......(....~....%-.&~..........s....%.....~....%-.&~..........s....%.......o...+*..0..L.......(....~....%-.&~..........s....%.....~....%-.&~..........s....%........o...+*.0..L.......(....~....%-.&~..........s....%.....~....%-.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebHeaderCollection.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.854872320109744
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:rSHlx2PW1bW5kPWNyby2sE9jBF6IYiYF85S35IVnxGUHFl5tcr05b:GHPAW1bWieNyb8E9VF6IYijSJIVxJ5aw
                                                                                                                                                                                                                                        MD5:685C4B4E983F839137E2CD7B774A1002
                                                                                                                                                                                                                                        SHA1:2D7CF0F91AA51112C2A4338448148E2957431E56
                                                                                                                                                                                                                                        SHA-256:5FD54CD23BF035AB595A741CD728931AEAAD1FE5E631B45DD5E5276AAB412829
                                                                                                                                                                                                                                        SHA-512:DA9C144B5FB649B811C0BFDD1989AA573AF8AC8F352F7D0A97187CF0687E989B2B794AC89A08AEAB734ACBAFD4D55E19F7A294F64E5C503E17BB85A84E158973
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ...............................h....@..................................(..O....@..P...............((...`......P'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......P...#Strings....T.......#US.X.......#GUID...h.......#Blob......................3......................................z...............\.....0.....3.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.Client.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.853982369164623
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4+TxwFqWD7W5/PtNyby2sE9jBF6IYiYF85S35IVnxGUHFCetdXG55K:zNoqWD7WJlNyb8E9VF6IYijSJIVxeOGy
                                                                                                                                                                                                                                        MD5:24327AF1BAFF48BA5F1F6324A61F71C1
                                                                                                                                                                                                                                        SHA1:F9A22C0C5FFA2EC82A4FEB4A902689B6FC59179F
                                                                                                                                                                                                                                        SHA-256:D74B179263A195AE4D5720B66EEFBABDE09EAC0014FE6E65DF98E5623210DB8F
                                                                                                                                                                                                                                        SHA-512:21104DFA526301C7A8724AAD6356BE1D0752C38184148811BAB8C9A26EC9D1EBD6ED0A91EE580E3D8F76710E2989DD3A9A16F6EACADCE386BD66DC0BA8818D4B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ...............................:....@.................................|(..O....@..@...............((...`......D'............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................(......H.......P ..t....................&......................................BSJB............v4.0.30319......l.......#~......X...#Strings....L.......#US.P.......#GUID...`.......#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.9...K.Y...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.86328119964248
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bGETSAWUEWSWNyb8E9VF6IYijSJIVx6t2no:fT18+EpYi60S
                                                                                                                                                                                                                                        MD5:2CD1F525D9E7AF6369F04152A467D8ED
                                                                                                                                                                                                                                        SHA1:45F957A01971249BC1CB7EE43A1C1A714B33737C
                                                                                                                                                                                                                                        SHA-256:8EC2FA24A534A8A6BC488AFC6C8DCA0266135B01C49DBF9FE16920C2BFC5C8CD
                                                                                                                                                                                                                                        SHA-512:6E600BE03E5FAA11F56CB615588B58B605163549093436213B8595D12BB9F29A6847A38B8DFC41C07004BF3E1E2F621ED1EEAF72F9ACD41D66A5C2C295B2B381
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............B)... ...@....... ..............................>.....@..................................(..O....@..................((...`.......'............................................... ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................$)......H.......P ......................8'......................................BSJB............v4.0.30319......l.......#~..<.......#Strings............#US.........#GUID...........#Blob......................3............................................................T.....,.....h.................g...........6.................Q.....:...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.2...K.R...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Numerics.Vectors.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):110120
                                                                                                                                                                                                                                        Entropy (8bit):5.510648737251264
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:TPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/Yb76H:TWw0SUUKBM8aOUiiGw7qa9tK/Ybg
                                                                                                                                                                                                                                        MD5:A27760BA058AC5856F4A1D07210B6A42
                                                                                                                                                                                                                                        SHA1:BDFC736271A1C4E0D04846ACEF7285A491448BAE
                                                                                                                                                                                                                                        SHA-256:851B73A64C57B6E149A0B2677DC5F89BA39F31E61EFE37949C48C3697FA62324
                                                                                                                                                                                                                                        SHA-512:A50573FCE43757A7C8530BF71067D4D40C3591337424952E7B603E2C811CFC89631DE17DAFBFD9D714DBF4975E687152CE3CEB1479E448AAAB4878E17C98848A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ...............................K....@.................................f...O.......................((.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ObjectModel.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.847676268621053
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:RcDagtDApWSKJWFrNyb8E9VF6IYijSJIVx4LsXNJ5:RPKBKnEpYi60N9D
                                                                                                                                                                                                                                        MD5:ED0BB3B04E5B5FECFD7C93BAE2707C3A
                                                                                                                                                                                                                                        SHA1:BF9F93430B820FBDE7D101C739A0BF8B48DF1BAC
                                                                                                                                                                                                                                        SHA-256:B217AE70945AD17489E5C89E1D0B5F9798498ABD0F2DB595221AC3E77F770706
                                                                                                                                                                                                                                        SHA-512:3C0B6FBB62EF929463A9834A27A2379E0125AEE03E5183B3CDE0F32C22E8F99E5842FF76F0BED19EF1AB447E0D44AD910742D4447E958475C5DAE02D53C4FDAC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............+... ...@....... ..............................\!....@.................................0+..O....@..................((...`.......)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................d+......H.......P ..(...................x)......................................BSJB............v4.0.30319......l...x...#~......$...#Strings............#US.........#GUID...........#Blob......................3......................................x.........w.o.....o.....\...............<.....Y.................................................G...........V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V.......................#.....+.....3.....;.....C./...K.O...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Extensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.85953484591678
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:/m6NxhqWD4W5wP6Nyby2sE9jBF6IYiYF85S35IVnxGUHFAyboMbWXn:/nIWD4WmiNyb8E9VF6IYijSJIVxM0RW3
                                                                                                                                                                                                                                        MD5:1566627D5F85534882E69C079652B08A
                                                                                                                                                                                                                                        SHA1:4EDA90289B7E1A969736D7814E63AE3E5B4C567D
                                                                                                                                                                                                                                        SHA-256:86E7CF64275697064B1A89D9377BDE56D8EE1293A21E57AE84BD8E2FB8279F71
                                                                                                                                                                                                                                        SHA-512:07410B21E565377D6F9CA84D4006A54534261EE7BBDD9EF360AE222E2D229030118C78A98108D1FAA8115BE8D1AB8F155A1240AA3E3EFEFA16AD1658E3B134B6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ....................................@..................................(..O....@..@...............((...`......\'............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......`...#Strings....d.......#US.h.......#GUID...x.......#Blob......................3......................................................\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.9...K.Y...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.783953692294162
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:6W2KxVSWzQW5qPFNyby2sE9jBF6IYiYF85S35IVnxGUHFh/JZlGCQMO:tMWzQWc9Nyb8E9VF6IYijSJIVxN/JjI
                                                                                                                                                                                                                                        MD5:83E20341704AF26C8FF74D9321B10C1E
                                                                                                                                                                                                                                        SHA1:A18DF150BA8D6D982A7CED9AB8B922C8BFFBD539
                                                                                                                                                                                                                                        SHA-256:705EB209C34E9E8407DB2B6099464CE9E7A18FF4B98333F12C65A6B75CCCAE36
                                                                                                                                                                                                                                        SHA-512:137CD3A31A5D06B9DD06E6F38E4DC16687ECB3398AFC1767C89AFD39B9AA87EE103A6E414857ABDEC286D9B2C9236C2EE99F24968EE35D93B02704EF0F57B9F1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............N*... ...@....... ..............................(,....@..................................)..O....@..@...............((...`.......(............................................... ............... ..H............text...T.... ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B................0*......H.......P ......................D(......................................BSJB............v4.0.30319......l...L...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................................z.....N.....:.....b.................a...........0.....y...........K.....4...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.9...K.Y...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.724716036489479
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fxDHKWAMWcpNyb8E9VF6IYijSJIVxlPKCg:pD8GtEpYi60Vq
                                                                                                                                                                                                                                        MD5:2337819E421DBF3C3315634681A605AA
                                                                                                                                                                                                                                        SHA1:76B72AD495AD0635D260BDC23BC7C206DFFB9810
                                                                                                                                                                                                                                        SHA-256:7B7737D5E647CB55BAACCEEE7C79869B5D128150E468CBF2108526C035B4DA18
                                                                                                                                                                                                                                        SHA-512:6F55EDD2426A45C8DC68F14AE5EC640E4A8DB515ED913FE7EC0831DD8BF075010336598CADDDB2FCC14C1959C6FF7FD49A1635C162CE4FFFD8139ABDD524246E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............r,... ...@....... ....................................@................................. ,..O....@..................((...`.......*............................................... ............... ..H............text...x.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................T,......H.......P ......................h*......................................BSJB............v4.0.30319......l...H...#~......D...#Strings............#US.........#GUID...........#Blob......................3................................"...............1.............{.................................Q.....j.......................n...................u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u...a.u...i.u...q.u.......................#.....+.....3.....;.....C.....K.N...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Reader.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.8309757576772085
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:QLNBEW6pWx7Nyb8E9VF6IYijSJIVxdT1qe2/g:QbMSXEpYi60p6g
                                                                                                                                                                                                                                        MD5:8F83077CD78C15C196B3AA4403A25361
                                                                                                                                                                                                                                        SHA1:27697D0A50410F45F3647E8F83AA2434D8D23084
                                                                                                                                                                                                                                        SHA-256:B3948D23C8370786B1A7FCDBE4805ADF3B116EA9F800F4F1A5BA9BAA59A094BF
                                                                                                                                                                                                                                        SHA-512:E0A3B4BF601BEB53425F1C3280F984177E13D4F025E7F96B54AB2105B15F628813BEB9E37E01D45FB334C21602A34BA2F865B963DEB97BA50DFEDD9F2D4562EA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ...............................{....@.................................D(..O....@..................((...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................x(......H.......P ..<....................&......................................BSJB............v4.0.30319......l...|...#~......0...#Strings............#US.........#GUID...,.......#Blob......................3......................................z...............\.....0..... .....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.4...K.T...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.ResourceManager.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.884464800766763
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sKkHKW/tWBpNyb8E9VF6IYijSJIVxkNKuTXO78m:xumtEpYi60WlWD
                                                                                                                                                                                                                                        MD5:608CFA5936FAE45411397B435050646F
                                                                                                                                                                                                                                        SHA1:3CD38EC97A122C32859A35EC121469D600280E54
                                                                                                                                                                                                                                        SHA-256:E5EDDD5A318D1945AF4E45A3D00F516295BABB26E5D8AE6586EAD3C5F1F479CE
                                                                                                                                                                                                                                        SHA-512:C71502BE6AB04CD3944BAD137E53823C8FF48B589D28EABC80D74007083B59E3F8AD0441DDFF14926BA7E931B08B39977B67F15DB88D40B4F5AC9F0B0913F2FC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ....................................@..................................(..O....@..`...............((...`.......'............................................... ............... ..H............text...4.... ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................$'......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................W.....W...R.D.........f.......................=.....V.....}...........q.........................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>...Y.>...a.>...i.>...q.>.......................#.....+.....3.....;."...C.=...K.]...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Writer.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.830471433252565
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6LnfIWqrWx8Nyb8E9VF6IYijSJIVx7Dq1bAae:6Df4ocEpYi60gbNe
                                                                                                                                                                                                                                        MD5:22BADF9DD8B72261A211BFD011A4C8B2
                                                                                                                                                                                                                                        SHA1:3248AB6897B1B11E2435B2922516B1D425A0A066
                                                                                                                                                                                                                                        SHA-256:3ACE189115E9E0CBEF40D91113D2534065E9B3C7637AEC7FC2FCC076AB9821A2
                                                                                                                                                                                                                                        SHA-512:BABF37E5B9ED54ECBCA2F6F22BA1CAB012B7AEF98338DB8EA5C66B3C88FC6218104F317324F59B3F37DC552442683CFA07C144C930F2D928A5AFD9E8F3BB717F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ..............................,.....@.................................D(..O....@..................((...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................x(......H.......P ..<....................&......................................BSJB............v4.0.30319......l...|...#~......0...#Strings............#US.........#GUID...,.......#Blob......................3......................................z...............\.....0..... .....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.4...K.T...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17960
                                                                                                                                                                                                                                        Entropy (8bit):6.671168291822592
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Qh06sbbVVPWU2WYNNyb8E9VF6IYijSJIVxeBe+:Qy9gpEpYi60AV
                                                                                                                                                                                                                                        MD5:B2A7A924DE7A9B3A1BC24F97C96F46A7
                                                                                                                                                                                                                                        SHA1:63C105C2BE54181A927240CE53A245EEF5772006
                                                                                                                                                                                                                                        SHA-256:E6BF244EA19064E9E60800D7E126BA7C50410F7DF9C382EA34C83D296664BF8E
                                                                                                                                                                                                                                        SHA-512:315CA16713CB063AA712E1D513A0264C6C5CA95845F7756BACEE4F296EAB5DB9A55706C754254DB3A5DF9DF18C7BFDF32581760A5BFDFDF9743FA1AB363CCD41
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._...........!.................3... ...@....@.. ..............................z.....@.................................@3..K....@..................((...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p3......H........$..0...................P ......................................._.%c......=.n')...(v..:}.d...3...B...).. .:Q(....L.jt....}Xv.b7y0r.[..$.....q..c.6.....p..2..qHv/.pb.=..9.o"z.. 0P.t%H....U...0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.VisualC.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.813587934716137
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:2na8WK1WLfNyb8E9VF6IYijSJIVxY4fz9:2na0ojEpYi60J9
                                                                                                                                                                                                                                        MD5:5716EE2738F8F76979155FDACECB5C0C
                                                                                                                                                                                                                                        SHA1:9A6AE1A93840839FA647DE64F6318D7F56B26D4C
                                                                                                                                                                                                                                        SHA-256:3BF698EDC3D060A83316B39224B6CB6568F6F6E06AABBE2BA2517DBC665DD4DF
                                                                                                                                                                                                                                        SHA-512:FDB045A6AA74D42EC14703BAE90156BF82C945610A967D985755A815476F1BBA2A83867169945C492679BB42298ED420323915D5E4967C8D05534B1667820A4A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............j*... ...@....... ..............................a.....@..................................*..O....@..................((...`.......(............................................... ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................L*......H.......P ......................`(......................................BSJB............v4.0.30319......l...@...#~......0...#Strings............#US.........#GUID....... ...#Blob......................3................................................w.................!...........<.....Y.............................................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.)...C.D...K.d...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Extensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.761881198456678
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:TBSWITWWSNyb8E9VF6IYijSJIVx3mR6CrIO:T6LyEpYi60WRjIO
                                                                                                                                                                                                                                        MD5:6DE7AC728A20BC60F092479E3EF06F6D
                                                                                                                                                                                                                                        SHA1:ABCCBD3458F0692B50C23423171BB4B72718ABD5
                                                                                                                                                                                                                                        SHA-256:E7F96EF21BC499872D1B80974A40C97524C788AAB36946AF04B08F32B2EC643F
                                                                                                                                                                                                                                        SHA-512:BE53EB4C43DE79C9FA0FE448C37879FBC0C3C1F85FA0047FBF93C9E1EBA8464D680E03F96154ACC42E10CDD85E2D3378736C72F0FBBC4CA2D589F4FEB0E0B195
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............*... ...@....... ..............................!E....@..................................)..O....@.. ...............((...`.......(............................................... ............... ..H............text...$.... ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...@...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................|.....|...S.i.........g.................f...........5.....~...........P.....9...................c.....c.....c...).c...1.c...9.c...A.c...I.c...Q.c...Y.c...a.c...i.c...q.c.......................#.....+.....3.....;.....C.6...K.V...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Handles.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.8756068830878
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:j88cIIWNoWJiNyb8E9VF6IYijSJIVxJyw:j9cU7iEpYi60x
                                                                                                                                                                                                                                        MD5:E7E2D8DF7EAD9D209524406044848F25
                                                                                                                                                                                                                                        SHA1:2CD56D0483F23294671B5AB95F041E76ADB7CFAC
                                                                                                                                                                                                                                        SHA-256:3437DC1F9380D9890B77A06597901EE1C5B3DD5F9A889D7AA8A2F46CBE314BEC
                                                                                                                                                                                                                                        SHA-512:23E2467186C50BBF8468F70C17C1E44794A79766B88B75BC6F90E4B6758FB9714831A9F1C0831606BB929D69A812D6C86FBB843B48B231B1169E689C0B90589B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............V)... ...@....... ..............................M.....@..................................)..O....@..................((...`.......'............................................... ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................8)......H.......P ......................L'......................................BSJB............v4.0.30319......l.......#~.. .......#Strings............#US.........#GUID...........#Blob......................3..................................................*.....*...c.....J.....w.................v.....,.....E.................`.....I...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22568
                                                                                                                                                                                                                                        Entropy (8bit):6.618631827128889
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:IkUwx9rm5go1fWKmmW4oqN5dWjaWbJNyb8E9VF6IYijSJIVxowXUlv:XrmoFmWXX/NEpYi60bav
                                                                                                                                                                                                                                        MD5:1CC223DA2E4AC998C53EA59B66F356F8
                                                                                                                                                                                                                                        SHA1:975FC204A6D8B093F2331B3B7FC93E04680F5B86
                                                                                                                                                                                                                                        SHA-256:86EC9DD10202679A39E3A934825EE267F625C2D7D3D907530D57C3FA48B211CF
                                                                                                                                                                                                                                        SHA-512:C0A6ECE93E33F9E9512B3AEFCF8B3AC0E6ACC64B65FBB86217A28E70B60CFD6414F3C2730EC1EE51195DA00EE096CA13BB5183FA05DDA52042652EBF50AE5B43
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..&...........E... ...`....... ....................................@.................................PE..O....`..x............0..((...........D............................................... ............... ..H............text....%... ...&.................. ..`.rsrc...x....`.......(..............@..@.reloc..............................@..B.................E......H........$...............A.......C......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*2r...p.(....*2r/..p.(....*......(....*2(.....(....*^~....-.(.........~....*.0..........~..........(.........(....-Y..(!....{/......5..,

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18472
                                                                                                                                                                                                                                        Entropy (8bit):6.6724040809809555
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:U09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsp:VOAghbsDCyVnVc3p/i2fBVlAO/BRU+pf
                                                                                                                                                                                                                                        MD5:D1D58B64959C12A4FD927DD402163CC5
                                                                                                                                                                                                                                        SHA1:412A1FCCB056168F709DA18A57C70BA116C0A4D7
                                                                                                                                                                                                                                        SHA-256:F0A641647BA8FEA83ED81359106D386710147A8E5C5BD61B23F71B9BAE352D17
                                                                                                                                                                                                                                        SHA-512:62234C2B5531BF63C250DB381B7D642BD441D5EC61478CCEED76CDB03AA11011A332DFD9A5A98AB99D36B35CAA6672A09B562C19DF5C70BBEABA16F7FB8E4203
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............r5... ...@....... ..............................-^....@................................. 5..O....@..P............ ..((...`.......3............................................... ............... ..H............text...x.... ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B................T5......H.......P ......................h3......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................r.....................e...........4.................3.....L...................................R...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Numerics.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.829655689203351
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cRYx4AW6RW5wPSNyby2sE9jBF6IYiYF85S35IVnxGUHFt7kRFiylI6a:f7W6RWmaNyb8E9VF6IYijSJIVxZ7D1
                                                                                                                                                                                                                                        MD5:6976929BBABCA3037BD9C167A2F404C3
                                                                                                                                                                                                                                        SHA1:879B8D9EAAA33348417B636F5FC9C0352CA0D007
                                                                                                                                                                                                                                        SHA-256:C42091E10CB4BF21CEF687E4320F2A2C50C9EC0FAE63B642F4B3C44F2F2E404F
                                                                                                                                                                                                                                        SHA-512:FEA16FDDEEC9DC12652E7DC17EC402A117FD1F045969FA2AFED6AB0F09D31271933AA15592693C4D2EB82AAC8EE724641ADBAA4B1DDA6FCBE0CFF4016A6D1962
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............(... ...@....... ...............................=....@.................................T(..O....@..................((...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..L....................&......................................BSJB............v4.0.30319......l.......#~......4...#Strings....(.......#US.,.......#GUID...<.......#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.4...K.T...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Formatters.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.921024068511714
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:wI5HeWFwTBsWWcNyb8E9VF6IYijSJIVxuKiej:wI5HFwTBI8EpYi60lNj
                                                                                                                                                                                                                                        MD5:2DFC13FAC522AC63441125E17F4B8ECC
                                                                                                                                                                                                                                        SHA1:7C7FE89B151FBE4BD68F4BB292BDECF097E181D0
                                                                                                                                                                                                                                        SHA-256:BFC87A0F913B23E28636FDDC346D5C279E6F5B1023E6A80B1657047101646202
                                                                                                                                                                                                                                        SHA-512:4D8067CB2201BD92DBC45497C3EE3C7A93ED5859D309B0359F3490F0A5438D0E80E4C1A210F32AE142EDB817D7D721B171FE1B538260FA8265AC1E8DD81EB938
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ...............................4....@.................................|)..O....@..................((...`......D(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ..t....................'......................................BSJB............v4.0.30319......l.......#~..H.......#Strings....@.......#US.D.......#GUID...T... ...#Blob......................3............................................................U.x...........................~.....4.....M.................h.....$...................r.....r.....r...).r...1.r...9.r...A.r...I.r...Q.r...Y.r...a.r...i.r...q.r.......................#.....+.....3.....;.)...C.D...K.d...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.892625196711899
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:PAJpVWbfkBnWRXNyb8E9VF6IYijSJIVxn+f3J:PAJpWfkBAbEpYi60a3J
                                                                                                                                                                                                                                        MD5:045F3B062CBDD6486E81D56AD6ADB1F7
                                                                                                                                                                                                                                        SHA1:0A4DEC84E3B588FB09BE09ED4D2111477445B26F
                                                                                                                                                                                                                                        SHA-256:EFA9FABEB1009EEEBAEEB6B57B4ED2B0C3660EB43764A83668DC3010C70CA86A
                                                                                                                                                                                                                                        SHA-512:2A572BAF6058F5456F81D437F593A5FD58D9F05FF80E03DA760322025A09C6A790FB5BF11DFC21D38247F3FD52D03F3A0FFAE4F11A798C362A8873826B8B5F24
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............>)... ...@....... ..............................([....@..................................(..O....@..`...............((...`.......'............................................... ............... ..H............text...D.... ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................ )......H.......P ......................4'......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3......................................z...........@...\.@...0.-...`.....D.................C.................[.....x.....-.........................'.....'.....'...).'...1.'...9.'...A.'...I.'...Q.'...Y.'...a.'...i.'...q.'.......................#.....+.....3.....;.#...C.>...K.^...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21032
                                                                                                                                                                                                                                        Entropy (8bit):6.539784818924537
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:b8R71h7yzt94dHWFgQBVWeHWFyTBVW2dNyb8E9VF6IYijSJIVxRNzz8:W1dyAqgQBfqyTBZZEpYi60g
                                                                                                                                                                                                                                        MD5:4F86DC8958B2EADD05103A3973E2EDAF
                                                                                                                                                                                                                                        SHA1:80A96E28831D2A41C80172F680C0C937761BEECD
                                                                                                                                                                                                                                        SHA-256:051561A7CA00CA206A98FBAF018FD9EB51B2D42DAAF32AF0F7A2C8F7D145BE29
                                                                                                                                                                                                                                        SHA-512:7BE008DC538478E83C80934F4EBFE9E056919E3D764ECABE220600217ABCA46E1361C962280227B131D7E2BFB1A88BF3F6D4C69B58A224FE2C737AD7F93EA4C0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............8... ...@....... ............................... ....@..................................8..O....@..8............*..((...`.......7............................................... ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`.......(..............@..B.................8......H.......|!..l............1..p...X7......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*2r...p.(....*......(....*..BSJB............v4.0.30319......l.......#~..h.......#Strings....\...4...#US.........#GUID...........#Blob...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Xml.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18984
                                                                                                                                                                                                                                        Entropy (8bit):6.681785803676866
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xpsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOWb8Nyb8E9VF6IYijSJIVxZ8o8z:nsPMQMI8COYyi4oBNw4tBrcEpYi60S
                                                                                                                                                                                                                                        MD5:43F7E5827AF0DC34C13D7EF02B5877AA
                                                                                                                                                                                                                                        SHA1:89D7B88D8803DBE8DDC925E5252EA336F0EB2AE9
                                                                                                                                                                                                                                        SHA-256:63D90FC022D531AF33493D413FCD7C88553F0C47EA7909144F9CE4C76C0DF9F5
                                                                                                                                                                                                                                        SHA-512:64EA2414299E84137FA1828F96953F4B039B19C3A0B4527C19971B11A32C58C4044C7335EF76F384057FD52111A1DD682E12B52CFE5EC81E7D1B484DFE15F4F2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............3... ...@....... ..............................>.....@..................................3..O....@..............."..((...`.......2............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................3......H........!..0...................L2.......................................s....*..s....*..0...........o....u......,..o....*.*.0..%........s..........(....r...p.$o......o....*:.(......}....*..{....*.(....z.(....z6.{.....o....*:.{......o....*.(....z:.{......o....*.(....z.(....z.BSJB............v4.0.30319......l.......#~.. .......#Strings....$...0...#US.T.......#GUID...d.......#Blob...........W..........3............................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23592
                                                                                                                                                                                                                                        Entropy (8bit):6.317272664503148
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VbhigwLAuZtM66g/Id7WVXWgvNyb8E9VF6IYijSJIVxdTSuB:VbhzkKs9TEpYi60p
                                                                                                                                                                                                                                        MD5:3F33D240969A76306AA2884F7254E84E
                                                                                                                                                                                                                                        SHA1:83E0443482D87D7537586E6C686CA8CD37E1DE49
                                                                                                                                                                                                                                        SHA-256:2B18DC264B14C3A8A553F2ADBD8E08643049AFC970E94A71CE9DD1CD120326BD
                                                                                                                                                                                                                                        SHA-512:8A16029FFB19805AD62846438792058C2CE83AB9916862EE65F8332F740C08B7E213D3261CEA0340323EB6ED406B416EBE80DAB002A49E10152FC492DC7E9B31
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..*.........."H... ...`....... ....................................@..................................G..O....`...............4..((...........F............................................... ............... ..H............text...((... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................H......H.......P ...%...................F......................................BSJB............v4.0.30319......l.......#~..........#Strings.....#......#US..#......#GUID....#......#Blob......................3................................................_.........................8.....8...*.8.....8.....8.....8.....8.....8.........*.8.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.+...K.K...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Claims.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.8641760993802
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:sUcX6W9aWTmNyb8E9VF6IYijSJIVx7y5UA9:sUchXuEpYi60K
                                                                                                                                                                                                                                        MD5:90851FAA93AC21FA4BFF8B44E19CD3EA
                                                                                                                                                                                                                                        SHA1:55A2DF0C354E03E704C779BE91ACFAB15B0EDD2F
                                                                                                                                                                                                                                        SHA-256:2E0F1D274410F097DC9338BD152F996B8C0975D6E21BF6A0672A57EE54CE1482
                                                                                                                                                                                                                                        SHA-512:CE183ADDD8E5A93B08ECDB463F8B071537B4B4ACB44BF0EBCCAE3448FABBA67DC0AC85671503E94A0E7F86FA0353DA629653846C7C66233D3130AFDB8F956F91
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............B)... ...@....... ...............................@....@..................................(..O....@..................((...`.......'............................................... ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................$)......H.......P ......................8'......................................BSJB............v4.0.30319......l.......#~..<.......#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0.....(.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Algorithms.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):41000
                                                                                                                                                                                                                                        Entropy (8bit):5.950693749695141
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:EoBj7kS+8mjvHTeaWKs0Sd4eeUAEpYi60v:TPmb9WKs0PeeUJ76m
                                                                                                                                                                                                                                        MD5:7FB055C905D9A39F3C6A3727F9973931
                                                                                                                                                                                                                                        SHA1:CFB905ABADB4763E14ED6C81FB53237B5535471E
                                                                                                                                                                                                                                        SHA-256:0DF92CC1C99757A8AF1F9E602C558BBD5951E7F74FB4B4818310AE62F14951A3
                                                                                                                                                                                                                                        SHA-512:C65200E385652D5E6EAB6D4C879C2F3CA013F661A70C7EA269FC2A56CFAAE7D1349E67228A0734334446DF7F5FD496F677A0D5EA389F00E1B3C9B4819EE8D5D6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..h.............. ........... ....................................@.................................u...O.......8............x..((........................................................... ............... ..H............text....f... ...h.................. ..`.rsrc...8............j..............@..@.reloc...............v..............@..B........................H.......P'..\8..........._...%..,.......................................j~....%-.&(F...s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*2r...p.(....*2rI..p.(....*2r...p.(....*2r...p.(....*2r...p.(....*2r...p.(....*2r9..p.(....*2rm..p.(....*2r...p.(....*2r...p.(....*2r=..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Csp.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.894656801462163
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:jTI2pWPzWmWeNyb8E9VF6IYijSJIVxWxypsikUt:jE3bnEpYi60ppJt
                                                                                                                                                                                                                                        MD5:5AF75DD465E0FB5499F26F7705C66EF0
                                                                                                                                                                                                                                        SHA1:B818D0D374D1481AFBBFC10ACC18FAE415884091
                                                                                                                                                                                                                                        SHA-256:03CE2EDBA81F2B4FC721152A43E50D897F3729EFC95FDAAA9B75FE1044CF8E9C
                                                                                                                                                                                                                                        SHA-512:014A9171C2EC833D33E0FEF4B23187583E4E2D75C81B61B6966A44F1598AD7D7FD458920189B0FCBD2F2C877B8CB3CD0395ECA155137803F8733B51ACB610EE1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............^)... ...@....... ...................................@..................................)..O....@..`...............((...`.......'............................................... ............... ..H............text...d.... ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................@)......H.......P ......................T'......................................BSJB............v4.0.30319......l.......#~..,.......#Strings............#US.........#GUID...........#Blob......................3......................................z...........A...\.A...0.....a.....D.................C.................[.....x.....-.........................(.....(.....(...).(...1.(...9.(...A.(...I.(...Q.(...Y.(...a.(...i.(...q.(.......................#.....+.....3.....;."...C.=...K.]...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Encoding.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.910298478995302
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Vcezoy4W04WGINyb8E9VF6IYijSJIVxmpc:VBzoy+kgEpYi609
                                                                                                                                                                                                                                        MD5:F21B83D02F3F41A17DA661D1946ABCFC
                                                                                                                                                                                                                                        SHA1:D9AE7E6A4349F630621F3ADA8DC4CEF314E90436
                                                                                                                                                                                                                                        SHA-256:F373EB334E331CC72EE6E7CFF66C1594F3DB4CE7C895ACE2DA867F114A84CAAE
                                                                                                                                                                                                                                        SHA-512:AA916DE4EE19F17D7B3938EE7BF14F72DA77B839A0C995EA43A927DF15889C2CAD2C6800F318454A062CA7B774D713F30A450771B561D8CA8E38BA98C76960BE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............~)... ...@....... ...............................\....@.................................,)..O....@..................((...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`)......H.......P ..$...................t'......................................BSJB............v4.0.30319......l.......#~..<.......#Strings............#US.........#GUID....... ...#Blob......................3..................................................f...o.f...C.S.........W.................V...........%.....n...........@.....)...................M.....M.....M...).M...1.M...9.M...A.M...I.M...Q.M...Y.M...a.M...i.M...q.M.......................#.....+.....3.....;.'...C.B...K.b...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.795979658861104
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zH/JWKpWDQNyb8E9VF6IYijSJIVxX5qd5:zH/j8oEpYi60y5
                                                                                                                                                                                                                                        MD5:0D53104075C8DF39D4A0CFC0B36A3D04
                                                                                                                                                                                                                                        SHA1:7336DA34B096A727A51D6D38DAECA2C4881B2778
                                                                                                                                                                                                                                        SHA-256:CBD5EC9F943F07404CC33A7956A40F925832A3338C65CA7DD9C312C2F7E03BFB
                                                                                                                                                                                                                                        SHA-512:099911E7BE7A6A25DFC952A007348A840D3FED8B92516E3B049E12A6F24EB7585CAD962658B242C0D19E83E7BEA07EC605561563B2FF14AD8A3890DC77349887
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0............."*... ...@....... ....................................@..................................)..O....@..................((...`.......(............................................... ............... ..H............text...(.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID....... ...#Blob......................3............................................................o.s...........D.....D.....D.....D...8.D...Q.D.....D.....D...l.....U.D.................m.....m.....m...).m...1.m...9.m...A.m...I.m...Q.m...Y.m...a.m...i.m...q.m.......................#.....+.....3.....;.)...C.D...K.d...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.X509Certificates.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16936
                                                                                                                                                                                                                                        Entropy (8bit):6.742301132485331
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:STjbocNsWMhWqiNyb8E9VF6IYijSJIVxtLJTx:SboYyFiEpYi60tb
                                                                                                                                                                                                                                        MD5:3D93A992DD312FE629AB5D6CCF850528
                                                                                                                                                                                                                                        SHA1:C071A9279B8443AE461A1C714CFFA487FF7CF359
                                                                                                                                                                                                                                        SHA-256:9742081D172405E3CA98842B5E1FF3E7BD0F5825066DE327EB4290A5D6BF5B3D
                                                                                                                                                                                                                                        SHA-512:618EF6B5E46AFE3835D7393A63FE7B3C4A73F17535913EFCCB4E310BEBCEE54708B6F9D80F0CE3E573C1525A39C1F15B3262E232B02109A8C0E46F646245B560
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.................. ...@....... ...............................'....@..................................-..O....@..................((...`.......,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P .......................,......................................BSJB............v4.0.30319......l.......#~......|...#Strings....x.......#US.|.......#GUID.......(...#Blob......................3................................'.....).........u.................=......."...:."...W.".....".....".....".....".....".....[.....".................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;./...C.J...K.j...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Principal.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.8445483953916035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:pSKiWIhWG3Nyb8E9VF6IYijSJIVxLp8y0A:pSK8l7EpYi609Z
                                                                                                                                                                                                                                        MD5:FE7BC6211C4AF906699B28C485BEBE46
                                                                                                                                                                                                                                        SHA1:5C54F221F0C5BA1ACF39281BE2658850DBF9A60A
                                                                                                                                                                                                                                        SHA-256:A772F2AB0828BE9F22ADC5BCF14DB2114DE2A2FE20F0AAEBF8957043A5A5BB27
                                                                                                                                                                                                                                        SHA-512:3F50EC9CDA1873961D0BC5D5214310F4D0A2E28E8A66249AC11730EAC5A5F8A89EB136E1B9A49A4D9792B094ACAA9FB4BBC67B4F8F2E7DE4F9FF355C04B24222
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............(... ...@....... ....................................@.................................t(..O....@.. ...............((...`......<'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P ..l....................&......................................BSJB............v4.0.30319......l.......#~......@...#Strings....D.......#US.H.......#GUID...X.......#Blob......................3......................................................\.....0.....'.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.6...K.V...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.SecureString.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.789117842351263
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:b0KbZWApWmWTpWSDNyb8E9VF6IYijSJIVxkp8eP:QKRyhfEpYi603k
                                                                                                                                                                                                                                        MD5:49101FB80BE698D6FF2EB01FF7A02911
                                                                                                                                                                                                                                        SHA1:C7C94A2315F5B05AD5DF0A474E5C47A05306CD3C
                                                                                                                                                                                                                                        SHA-256:DBA9B817AC977A09A7D3045026FB57802ABEBA67E31BD1C1BFCCB2529300EEE5
                                                                                                                                                                                                                                        SHA-512:5040460E4E307037C3442D432ADEC67869C02ED8BC99B55E4D5191E3DCF53C0AAC3FACEC1BBC84E74A237D6507FE43152DD2152363018F9BBA699A4B77E12C30
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............)... ...@....... ..............................).....@.................................>)..O....@..................((...`.......(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................r)......H.......p .......................(........................................(....*..(....*..(....*..(....*BSJB............v4.0.30319......l.......#~..........#Strings....`.......#US.h.......#GUID...x...(...#Blob...........G..........3.............................................."...........C...........u...............m.b...........J.....J.....J.....J...6.J...O.J.....J.....J...j.C...S.J.............................P ............X ............` ......4.....h ....................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.Extensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.874719627578481
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Sb1nWCXWr7Nyb8E9VF6IYijSJIVxnY3fHxk:s7yXEpYi60gxk
                                                                                                                                                                                                                                        MD5:B3ACA0F8C91EC33D1FB267FBF2DE120F
                                                                                                                                                                                                                                        SHA1:29EE280A3C25C7FCC75DDE7ABFB88693DD9AE46F
                                                                                                                                                                                                                                        SHA-256:AD8F66A8E2340499A3E2A885B8E9DB90A3125A15004CCE3B429E65C0E7DA9B16
                                                                                                                                                                                                                                        SHA-512:24F20FC78EAE801D5E0C3233043408922896A75EA6E5166F629545371FF203A6359555A68FF232C60544E98618BAA81494F46B578BD278461FC333CA82DC793F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ............................... ....@..................................(..O....@..T...............((...`.......'............................................... ............... ..H............text... .... ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~.. ...t...#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0.....6.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.!...C.<...K.\...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.774262964652296
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/LyW7TWyDNyb8E9VF6IYijSJIVxRr9z6H:DfPfEpYi60y
                                                                                                                                                                                                                                        MD5:61C00354BE279E4DB20FFD3B5B326DD9
                                                                                                                                                                                                                                        SHA1:C6C9BD6E0970F123FC5CAFE714B768532791F5EE
                                                                                                                                                                                                                                        SHA-256:13D44BB25D9F5F27A3D26B3582A39A7C3896BEC2D54ECAB9C444F1CC6A4FE9CC
                                                                                                                                                                                                                                        SHA-512:3FFB5B41441894EABF232321932DFE746B968A3CBECD53E98BA96F630334AB3E4E2EF518125805EC831FB350F44B60F8328C3D57BFD038AED86507D702F2439E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............2*... ...@....... ....................................@..................................)..O....@..................((...`.......(............................................... ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................((......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0...........D.7.....7.....7...C.7.....7.....7...[.7...x.7...-.0.....7.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.1...K.Q...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.RegularExpressions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.907819210404346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:86Rb32WVzWwtNyb8E9VF6IYijSJIVx0H2:bRb3dtJEpYi60D
                                                                                                                                                                                                                                        MD5:92C3B5E46C974C9A12DD17F345F15A6A
                                                                                                                                                                                                                                        SHA1:641949D9C56F6B0B7866FD77C13B24DD760688CB
                                                                                                                                                                                                                                        SHA-256:99D5F16B1726D92FD674D66FB1F11FF89C33421866CC93326851FB2416F4B244
                                                                                                                                                                                                                                        SHA-512:08CE17508591BA7EFB6004986B69BE8CCE4B1FC12E316CDA3AD6E86EEEEFE1DA919396C659E9C4E201A80E6B52FE69AC0A391CFF5D100734218B63F614E90805
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ...............................:....@.................................t)..O....@..P...............((...`......<(............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................)......H.......P ..l....................'......................................BSJB............v4.0.30319......l.......#~..........#Strings....@.......#US.D.......#GUID...T.......#Blob......................3..................................................K...d.K...8.8...k.....L.................K.................c...........5.........................2.....2.....2...).2...1.2...9.2...A.2...I.2...Q.2...Y.2...a.2...i.2...q.2.......................#.....+.....3.....;. ...C.;...K.[...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Overlapped.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):31784
                                                                                                                                                                                                                                        Entropy (8bit):6.534970290410218
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:xu5I+sqOylryry8qqIfUc7a5eMEpYi60J5Q:xYIVBpry8qqIfUcm5eF76i5Q
                                                                                                                                                                                                                                        MD5:D594D9CD12ADEC6A44A7930F4E6E57B3
                                                                                                                                                                                                                                        SHA1:EC68E31F107BB911BC6799B66449BFFD02FEE686
                                                                                                                                                                                                                                        SHA-256:09AC1AF349902D72C2C8A5106EA75A3E00475E16A08A1ADB06E1923D30C9FEB5
                                                                                                                                                                                                                                        SHA-512:109E912D34FA492134A821F080DE97F614F672F3BBAFCFD85DB8DF13731E31A81F75D1FA12D5EDC5A4A29F1DCC2AF6792A6B20DA1D5EF7EC2CAC2BB1F2C98BCB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..F...........d... ........... ..............................j?....@..................................c..O.......x............T..((...........c............................................... ............... ..H............text....D... ...F.................. ..`.rsrc...x............H..............@..@.reloc...............R..............@..B.................c......H........&...7...........^.......b......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*2r...p.(....*2rK..p.(....*2ry..p.(....*2r...p.(....*2r...p.(....*2rc..p.(....*......(....*..0..;........|....(......./......(....o....s

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.Parallel.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.87608762940196
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Gvn4HREpWiQWtIANyb8E9VF6IYijSJIVxeWDaLt:ZS/I4EpYi60g
                                                                                                                                                                                                                                        MD5:9DE4F0B97176A6A5DFFACFA7D814AE5B
                                                                                                                                                                                                                                        SHA1:901344AB9C79E9710EBA25DB68D9E1528D81792F
                                                                                                                                                                                                                                        SHA-256:D77C918FFAD2F529CC8C154EB3C1ACF50DC542741BF7AFD9E70786FE81AE1B7F
                                                                                                                                                                                                                                        SHA-512:37AC428EDDFE7001A1490182DD79DC3F4830F2548FB3727E9F0F1D5224DB1DFA95988EB8284F39D29A852F9B552FB3073A8EA8C630770018AD7F88EA900E2FD6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ..............................;.....@..................................(..O....@..P...............((...`......x'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......l...#Strings....|.......#US.........#GUID...........#Blob......................3......................................................n.....B.....".....V.................U...........$.....m...........?.....(...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.!...C.<...K.\...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.766567453209908
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:38MjKb47T3UCcqFMkJ59WdtWcnNyb8E9VF6IYijSJIVxoI0F:sMjKb4vcGdO7LEpYi60EF
                                                                                                                                                                                                                                        MD5:E6089C386AA8BDF2C9240DF0098B0C41
                                                                                                                                                                                                                                        SHA1:5B4E1D708FFE66B2D4B86A765D063C7F4F3D39FF
                                                                                                                                                                                                                                        SHA-256:258FBB18BC7432053EDC7E098AFA9D0BB0A1068BB253068CD7449D87DD3C3135
                                                                                                                                                                                                                                        SHA-512:42BAC7E61967A57F41270C7F1C3FC48FAADBCAE207A54ED54D9E9BC5780C253C0A89F823DE5D222E51B82B2998748E7D9027944D269983FF9A18EAD7667D84E1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............,... ...@....... ..............................3:....@.................................`,..O....@..................((...`......(+............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ..X....................*......................................BSJB............v4.0.30319......l...<...#~..........#Strings....4.......#US.8.......#GUID...H.......#Blob......................3................................!.....O.......................................].....z.............................7.......j...........n...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Thread.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.857184391871379
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:PzyNXd4+BW6FWqkNyb8E9VF6IYijSJIVxDYhPMu:OztEEpYi60cpb
                                                                                                                                                                                                                                        MD5:8D28AEDFA446EA70795D468AE16934D5
                                                                                                                                                                                                                                        SHA1:F1330A420CFF4FF24DBDF7E8378397FF80DF8A58
                                                                                                                                                                                                                                        SHA-256:7AE92817F37DD736529FB391768AA36F742E7BFA3D9082A2F244CF2AC521FE24
                                                                                                                                                                                                                                        SHA-512:0F8AA673889AD150A729D642CBA150FF8BF202ACBA41417F030CCB21922771C54715132D47CF814EF460FF199F54D645D2336C27CD37952ADB368C2FEFC9CE13
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ..............................G.....@..................................(..O....@..................((...`.......'............................................... ............... ..H............text... .... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..,...p...#Strings............#US.........#GUID...........#Blob......................3..................................................'.....'...T.....G.....h.................g...........6.................Q.....:...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.4...K.T...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.ThreadPool.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.859931444896201
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Ivs2Q3HKJNrWWRWfUANyb8E9VF6IYijSJIVxm8Y5O6:IuM0xEpYi60PYc6
                                                                                                                                                                                                                                        MD5:25F33DFB6C83FCD0FC1DE251FE683DB5
                                                                                                                                                                                                                                        SHA1:790ED2654D3016B4470AF54FF8C5E2029E215B27
                                                                                                                                                                                                                                        SHA-256:409131B7270D31B1313182B2FB6D5219CE3DE607F0CBB82D98EC61DBB514FFA5
                                                                                                                                                                                                                                        SHA-512:BBCD6A5FDBF859F734FE65F57263AB9CE2586AD9228CAF4A4970F3DEAF0E47E4D65EC565356DFB78798F7C66DDA80535142746F9D51E5C230C5E89F81610AA4E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............(... ...@....... ...............................:....@..................................(..O....@..4...............((...`......h'............................................... ............... ..H............text........ ...................... ..`.rsrc...4....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......`...#Strings....p.......#US.t.......#GUID...........#Blob......................3................................................../...q./...E.....O.....Y.................X...........'.....p...........B.....+...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.8...K.X...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Timer.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.827015314349416
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nFz0Q6gcqRhcsMWdMW+kNyb8E9VF6IYijSJIVx9Jtlw2p:nFz1c60EEpYi60L3pp
                                                                                                                                                                                                                                        MD5:3D71ED83427BF05AB130F4F29DA2D701
                                                                                                                                                                                                                                        SHA1:46604588D91D51387CB8801591DFB555E90783B4
                                                                                                                                                                                                                                        SHA-256:15927B1892031F463E8E4B45104A41FA7090A313A75A4CACD81B1D1D95918648
                                                                                                                                                                                                                                        SHA-512:B35AE26ED42F5347BAF878F4D5E2764C30D72A38E021E1E3467C67F6D849E928FC5563628FAFD5DDFB9F8F5DEDF32702EC23B30F8BEF10E5D75FBF314528615C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............(... ...@....... ..............................50....@.................................L(..O....@..................((...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..D....................&......................................BSJB............v4.0.30319......l.......#~......,...#Strings.... .......#US.$.......#GUID...4.......#Blob......................3......................................................\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.723652389565766
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:X6xWA3W4aW/NWQvNyb8E9VF6IYijSJIVxIJz8dE:XaB/TEpYi607y
                                                                                                                                                                                                                                        MD5:6BEAC5BA1A217194D23572ECDDCE2759
                                                                                                                                                                                                                                        SHA1:FEC30E3B4EDEDDD668F891D3DBB6FC15BDAEE248
                                                                                                                                                                                                                                        SHA-256:7E085CC86E5B00BF8BC68F09C15F4B7866E38A15CDB1ABA4A32E0176CF40045B
                                                                                                                                                                                                                                        SHA-512:BD1D57184AE9E1DE828B36684694859EC1435BDEC7029F66FF06380FF3029344BC12EB7BA793F8D56E1903C3A593DD8A2796C81E57F6214318B39DD632DB9A27
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............,... ...@....... ...............................4....@..................................+..O....@..................((...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P .......................*......................................BSJB............v4.0.30319......l... ...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................-.........O.k.....k.....X.....................1...........o.........................B...........9...........J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J...Y.J...a.J...i.J...q.J.......................#.....+.....3.....;.....C.-...K.M...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ValueTuple.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73256
                                                                                                                                                                                                                                        Entropy (8bit):5.9547665237514895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:G784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAsk76nV:G7N1r9KGI04CCAskwV
                                                                                                                                                                                                                                        MD5:B9DA1FE2089DE0A8B1814F5997FC72BC
                                                                                                                                                                                                                                        SHA1:173B1F7C7408E94A76927CCFC1D53DB9518E0E4B
                                                                                                                                                                                                                                        SHA-256:2D080E6BBEBEBDC9F5D474B9595746F578B5451E2E6D24A10CDCDD216F57AC2F
                                                                                                                                                                                                                                        SHA-512:3F38C7ED3EE6ED7B3B699E2C0521A8AA34357E801AFDFD175AA47925EE8B1E75A9BBB8C3C2F2342862689D5BB18262776F35407FD766F4BE46F064AC54446917
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0.................. ... ....... .......................`............@.....................................O.... ..P...............((...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H.......$...h...........................................................6..o.........*f..o...........o.........*...o...........o...........o.........*...o...........o ..........o!...........o"........*...o#..........o$..........o%...........o&...........o'........*....0..L.........o(..........o)..........o*...........o+...........o,...........o-........*.0..Y.........o...........o/..........o0...........o1...........o2...........o3...........o4.... ...*....0..k.........o5....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.ReaderWriter.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.853900301591647
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Jr97WquW6/Nyb8E9VF6IYijSJIVxkp9mGXZ:JRJKDEpYi60eF
                                                                                                                                                                                                                                        MD5:0C9A6CDE287F0B0C48902EA337CF7949
                                                                                                                                                                                                                                        SHA1:2074CD6D4642F0F659D17F923C9F84CC696D1F12
                                                                                                                                                                                                                                        SHA-256:B22D08A687ECAAB2E7475E9834560E2C4B00DC2BF0C7259CCFC81C44D2C611CA
                                                                                                                                                                                                                                        SHA-512:23567A5C1734E7667E4827049CAF6ACC1BCDB658895D2A413832C56E4C727E7BB120E1C8AAA4C66AC1CF21793A07E9F7F0237183FEA3763AC6ACB6506CDDDAC7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............+... ...@....... ..............................2.....@.................................\+..O....@..................((...`......$*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P ..T....................)......................................BSJB............v4.0.30319......l.......#~..T.......#Strings....0.......#US.4.......#GUID...D.......#Blob......................3......................................z...........j.....j.....W...............B.....z.............................................................Q.....Q.....Q...).Q...1.Q...9.Q...A.Q...I.Q...Q.Q...Y.Q...a.Q...i.Q...q.Q.......................#.....+.....3.....;.....C.4...K.T...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XDocument.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.791351843410249
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cvh2uxSleWLDW5wP8rNyby2sE9jBF6IYiYF85S35IVnxGUHFMsSAfy:O16eWLDWGoNyb8E9VF6IYijSJIVx4MK
                                                                                                                                                                                                                                        MD5:1EAD058E00ADC84AD8A50D569BA4521D
                                                                                                                                                                                                                                        SHA1:986087A3B7077DDB4F910D53F9E871A89E31D9E4
                                                                                                                                                                                                                                        SHA-256:3C9C5421BBB4324F0F6338882806A257F77965876F12824D43829EAE003622C6
                                                                                                                                                                                                                                        SHA-512:3B070330FCB4BC6C170C69B3DB0CA149C3CE8E81779F4B7254088DBC423A7E4D9E331F379467EE16E4DB1F8DAC69C223A369325707BFA0FC7B2301B23475FDEA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............*... ...@....... ....................................@.................................|*..O....@..................((...`......D)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..t....................(......................................BSJB............v4.0.30319......l.......#~......8...#Strings....T.......#US.X.......#GUID...h.......#Blob......................3..................................................z.....z...u.g.................................>.....W.................r.....[...................a.....a.....a...).a...1.a...9.a...A.a...I.a...Q.a...Y.a...a.a...i.a...q.a.......................#.....+.....3.....;.....C.1...K.Q...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.XDocument.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16936
                                                                                                                                                                                                                                        Entropy (8bit):6.7831784200733
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:C8G4YC2W+wW8WpwWU4Nyb8E9VF6IYijSJIVxP4AZ:tGZ5OwEpYi60n
                                                                                                                                                                                                                                        MD5:18280BC3C94A054A45628EEC1DF266A8
                                                                                                                                                                                                                                        SHA1:DB5C8F6578CBC9BA93014883C027C6A9DE777F67
                                                                                                                                                                                                                                        SHA-256:87CE63CAAA2B024E97DBD1861F13119C5378D3C3D4C0B76B8E6F66CB5FFBA5C7
                                                                                                                                                                                                                                        SHA-512:9A6BF6FA0DF136566AD596FADD206E9FC089939500543817D341E4E9A2214654AB87966D6F5E05B211482DBDAB2F8E222837014D685BE564622EA11E3114CAE3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............+... ...@....... ...................................@.................................z+..O....@..x...............((...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................+......H.......t ......................P*........................................s....*:.(......}....*2.{....(....*BSJB............v4.0.30319......l.......#~..0.......#Strings............#US.........#GUID...........#Blob...........WW.........3..............................................................L.........4.H...}.H...u.v...........;...........;...=.;.................../.%...........P.....m.....................................v...S.......v...d.v...........v...m...............

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15400
                                                                                                                                                                                                                                        Entropy (8bit):6.89811663827779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:F6ziqTEkGWvRWH1Nyb8E9VF6IYijSJIVxKPUE:FYT1cREpYi6001
                                                                                                                                                                                                                                        MD5:B5573716CB6D73603A91A2DDD9417236
                                                                                                                                                                                                                                        SHA1:9647D429082395CBD82E71C7A4F126180591D1AB
                                                                                                                                                                                                                                        SHA-256:1B98B61E3ED9A990BFE7FE909ED154E743713202DCFA655B261E15788BE78605
                                                                                                                                                                                                                                        SHA-512:2BDE18B4A19AE18EA5F2507A0890CDB7B4E12C1ECEEA45719390CD8C0E86BF543174A10876195A9230B3D8A1D383A2C69B4C01CDA372FFB502B227170E53DE73
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ..............................E.....@..................................)..O....@..................((...`......d(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.|.......#GUID...........#Blob......................3................................................'...........~...................................G.....`.................{.....d...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.-...K.M...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlDocument.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.810703111667448
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:DUv7c7iWNCWq0Nyb8E9VF6IYijSJIVxILSM:DM7c1m0EpYi600/
                                                                                                                                                                                                                                        MD5:A00D659894A0486055C5BBA1E09A5400
                                                                                                                                                                                                                                        SHA1:597FBEA2CB5249EE5AAAD13E3C8F6A347A70E53D
                                                                                                                                                                                                                                        SHA-256:F2F11E3A920361F15E107E5687E6662230DB520E196B2799BDDEED3949AACFFF
                                                                                                                                                                                                                                        SHA-512:BB0854D683871384FC3356740E5C54E3BB8802D63D4276E2EDE619C43F5D1E89792CF205B287FCF3D0436CB1B5607A081E81F4FE1FE8E389FAB8ABA563466BBD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C..Y.........." ..0..............*... ...@....... ...............................v....@..................................*..O....@..................((...`......`)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~......l...#Strings....l.......#US.p.......#GUID...........#Blob......................3................................................4...........~.............H.....H.....H.....H...T.H...m.H.....H.....H.........d.H.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlSerializer.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15912
                                                                                                                                                                                                                                        Entropy (8bit):6.852365362100018
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:Dx+vxmNWnRW5TPMNyby2sE9jBF6IYiYF85S35IVnxGUHF8C8nXYhlbR:4SWnRWJ0Nyb8E9VF6IYijSJIVxITYjbR
                                                                                                                                                                                                                                        MD5:897B4ACADE1E98F8EF9DF939AFC19DDE
                                                                                                                                                                                                                                        SHA1:A46F642D080DF919E8523672F614A1409FED7490
                                                                                                                                                                                                                                        SHA-256:FEEA00F2A302198673766E25C042A007503B0B288FC9CE0E2F65A3EAC4CB5442
                                                                                                                                                                                                                                        SHA-512:DE35426A127F636A5CBC043428FF0E7C0623712F2ACCEB6EBEC8DD855B9BD14BAD5CF670B2D80B801C138E0CC928AE797BD1DFC38AB69ADE58E925A4E3AE66BA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C..Y.........." ..0..............+... ...@....... ....................................@.................................L+..O....@..$...............((...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B.................+......H.......P ..D....................)......................................BSJB............v4.0.30319......l.......#~..........#Strings.... .......#US.$.......#GUID...4.......#Blob......................3..................................................k.....k...U.@.........i.....=.........................................&.....'...................:.....:.....:...).:...1.:...9.:...A.:...I.:...Q.:...Y.:...a.:...i.:...q.:.......................#.....+.....3.....;.....C.5...K.U...S.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\log.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (337), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5166
                                                                                                                                                                                                                                        Entropy (8bit):5.050608166180844
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Wgjg6gCQ/gnSi++aPGl7p7Al4gnSi++aPGl7p7Ac:7VL/N7c9L/N79
                                                                                                                                                                                                                                        MD5:1109057A824A67DA2812A58935A79EDA
                                                                                                                                                                                                                                        SHA1:3F566508AFC36ECA6647F276B24032DB7F45ECB9
                                                                                                                                                                                                                                        SHA-256:3EE3F93C04C7D70EAC6AD05FD548166E73A6F63E7010907FA67632A8C19496C7
                                                                                                                                                                                                                                        SHA-512:FB4EE9F6C3FD9D246E7B355F5CF67712F19D4A5A9D660489E096AA55EEC5F842914904290776EEAC718456D1D96E4953123748E067706357124189032729F358
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:2024-11-08 07:40:14.5614|ERROR|WuApiService|Error on retry number 1: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....2024-11-08 07:41:12.1035|ERROR|WuApiService|Error on retry number 2: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....2024-11-08 07:42:43.9977|ERROR|WuApiService|Error on retry number 3: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....2024-11-08 07:44:01.7975|ERROR|AgentPackageOsUpdates|Error executin

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):92712
                                                                                                                                                                                                                                        Entropy (8bit):5.483010862843941
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:72Ec05j4eAH64rh5fSt5T9nFcI94WYG76rF:KlK4eA7mDmWYGa
                                                                                                                                                                                                                                        MD5:7809B2A1A7F1E551303AE139883E715C
                                                                                                                                                                                                                                        SHA1:8BBB442FE28E28A4C499FF190E26AC892CB8AB1F
                                                                                                                                                                                                                                        SHA-256:9A79A4ED51DA46805218B6C0AC883D4DD7DB1CEA3821F169110B9F79DF8B1A0C
                                                                                                                                                                                                                                        SHA-512:70BC185D3BF9F31C94813359393E6595136857F28438AC98B5A85F84C3DF807F14B57E2F68AC499BC7E61855AB9CB32EA082532449BEB6AFA9AC3BF9B7D1E278
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M..Z.........." ..0..8...........U... ...`....... ..............................4.....@..................................U..O....`..,............B..((........................................................... ............... ..H............text....6... ...8.................. ..`.rsrc...,....`.......:..............@..@.reloc...............@..............@..B.................U......H.......P ...4..................,U......................................BSJB............v4.0.30319......l...|...#~.....d...#Strings....L3......#US.T3......#GUID...d3..x...#Blob......................3................................q.....2B........e$.M...,.M.....M...4.M...1.M...1.M..v..M...*.M...*.M....p...........................!.....).....1.....9.....A.....I.................................#.......+.......3.......;.J.....C.f.....K.f...................2.....................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3024123
                                                                                                                                                                                                                                        Entropy (8bit):7.999926956152327
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:49152:XtwldCigFirCUvd1LJoZSrfzWZWrOwv5l10jYQMFsin5tKfgD768LjNx4dOOPHT:G4igFibvL1yUROkf1a4Cin5t6JKhOPHT
                                                                                                                                                                                                                                        MD5:384D6DA5C34FF401B18F0AF41E3A2643
                                                                                                                                                                                                                                        SHA1:3DDFBCF79E55904DF77DF2125F2112CFE7703EEC
                                                                                                                                                                                                                                        SHA-256:0699C4CCAA2F9E6768475F7FBD0DD93DAB1A0A0DC8859E9EE8F8A48AD1075D7D
                                                                                                                                                                                                                                        SHA-512:5B63245BEDFC7260B27254A33F621A8B626A36C13C8F8AD516F51013BD6751770D37AFDC1FF8F7646D9F972081ACD24776314405CC397762A4F58D6DCA0A7F32
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-......<fY:'zY........?...AgentPackageProgramManagement/AgentPackageProgramManagement.exe....(.......%n............a....^&....#..<[.. .o>2)....W.PlphQ..%We....2...~L........\..1,5.1n..P{=I..9..|....:5-b..J..^..J...}...C:.....kA.G.Q.B....Ee....f..v+%.f....2......)cd........DJ.W'..D,...u4`e.t.u....B.c.T...u.;.v.7.Gs...+.1.%..C.ma.a.9...2j).......v.p....Z......I...,ay;.k..<...=[p.......NB.<......u...C.2..|".d.j......#?..1...]Z... ..%Atv....z....s.IH......R.....Rb.....EKM9...l...EA............R.....5g).......'S..o.(......|..oa..<.".z ...Z[My...`..s...3.v`M%s...fW0J..aD.-e....3iUQ~)s.<*7..{..3..d.<G2_w.7...Tz..k.)w.RR0.6*.0Sl.....3..F8..O..g..E.ahr.C....^.BPGw.Z"#?...l....X..z..o..B..K....R.?..`..>Bz..;0V.>.<.+.J.4/ ..V".4..~xl..F..,.qN..mQV.C..z.H....PI.'t\z~..E.>.|.9..<..W..Da..X<.@N.A...........<.$..G...$...g\(..._:.....{............".g....MX&.^......O'm.5..J&..G]XK.y...*y......Y.*.on.~....$*J.'..|....l......1.%L\.1V....*......._...g......<.EG..9.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):56872
                                                                                                                                                                                                                                        Entropy (8bit):6.184385666278393
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:pQG8WGQaZZdCf1LJiuyljLY+z/VyGICVbxPuYL4qtbeBtYcFm7B6K1oEpYi60CE:pQQx4L7VSybxiqt6xm7Bl1R76E
                                                                                                                                                                                                                                        MD5:A739B889642CA9CE4AD3A37A3C521604
                                                                                                                                                                                                                                        SHA1:18BCF6FD14C5AECE67AE795A3C505A0C1A9D5175
                                                                                                                                                                                                                                        SHA-256:44B96244B823052FB19509B1F9576488750C4EDAB61840AF24B10C208B47FC92
                                                                                                                                                                                                                                        SHA-512:92243E80FD77B9C3F9231C750935B34D9ADCDC76E1A45A445C47888A1E98FACA1C26F617459DB0C1AF4860A5172401F03E64039888E6F84726D2457CC550BAE0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....+g.........."...0.................. ........@.. ...............................B....`....................................O.......................((........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........Q...k...........................................................~....(....-..*.(....,..*(....~....(....(.....l(....(....*...0..3.......~....(....-.(...+*~....(.....(.....(....o....(...+*..0...........(.....~.....( ...*..0...........(.....~.....( ...*..0...........(....(......(!...*2.(....(....*v~....(....-.~"...*~....(....*...0...........(#....(.....o$...(%...*.0..g.......(&....('....o$......o(....s).......+......O...r...p(*...o+...&...X......i2..o,...o-........,..o.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1251
                                                                                                                                                                                                                                        Entropy (8bit):5.000868036244702
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdszvPF7N8OH2//3dVhOXrRH2/dV0PH2/+w3VUrPH2/+789y:3sB7iOgl27Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                        MD5:16D1DF732FB7C3FE51EE9657C5AC458C
                                                                                                                                                                                                                                        SHA1:32CECF6AA8A03E11A967D54C67F9404F6A73D57B
                                                                                                                                                                                                                                        SHA-256:4FC493DA952DF0968311A06FAC3A5D03FBC2351DB77D0D907A1FAFA4ADA08777
                                                                                                                                                                                                                                        SHA-512:1F33ADA48F1ECAFA9238B87A8743C0A92953D123A917E38EC9F7EA7B92A7514AF6F244E4E3F77141D9ABDC11D120641FBDE9318525E0C3F2DC16F6E1D91634C9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>... <supportedRuntime version="v4.0" />... <supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.0.12.0" newVersion="2.0.12.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <dependentAssembly>.. <asse

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12
                                                                                                                                                                                                                                        Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhXTLV:WBTh
                                                                                                                                                                                                                                        MD5:0A4E3CA227D7488A6D35CD34C996A112
                                                                                                                                                                                                                                        SHA1:EAA59486A0A1C4C90F6CCE96879EBEBFC42A2CC6
                                                                                                                                                                                                                                        SHA-256:8863E1E0D918A36F4E570BFDA20316AE5A131FE3EDE970A83AD704059F5A2743
                                                                                                                                                                                                                                        SHA-512:400C3A3112AAA18027C47B5370BCEE535F8CE82B945DC96E16B81A99DFC8BEF6C0C996E363AB67336D746A602A3CFD70B989017497A1E55AF7663A336F5D15E8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=26.0

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):112168
                                                                                                                                                                                                                                        Entropy (8bit):6.178091158418056
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:fgs5os2RUW33uzNrscqSofyqwshFDfuX73QbQgLb/xs8bRUi+kEWWdK76tUn:f0jjnl1wuDYjQbQgLbZs8DWdKp
                                                                                                                                                                                                                                        MD5:524644D07DFBB5BA00BC10760ADC1A26
                                                                                                                                                                                                                                        SHA1:09F5FB63FCF2B98CDDE49C08C7F00AA1F5D736B8
                                                                                                                                                                                                                                        SHA-256:2A4CC462C8D4132D3E790225753250004BFB853D44C16DB9847D3259A31F72A5
                                                                                                                                                                                                                                        SHA-512:311657CF4C66771285DA324C0D3D669134994A1C15CBF6BDD93C9823F629F846C4BF82CF890B34055C213B5D0B0EAAFB94DA2A6B02BD46B85CB1CB8DA3F00489
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y.g.........." ..0.............b.... ........... ....................................`.....................................O.......8...............((.......................................................... ............... ..H............text...h.... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B................D.......H....... ....!...........................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p( ...r...p(!.........("...(#.....&..*........00......:.(......}....*..0..Z............($...,......(%...*~..........(&........($...-..(....s'...........,..((.........(%...*..........&E.......0..G........{....,.(......5~)...r'..po*...rm..pr...po+...ta...r...p(,..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\CredentialManagement.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38952
                                                                                                                                                                                                                                        Entropy (8bit):6.310416565021442
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:MINsi1A6I1MLzHS0+iFJBn5gpKNEpYi60wgF:JNsii6v/HS0+OJd5gpKm76tgF
                                                                                                                                                                                                                                        MD5:AD1B43C318655C7B1718650CE2363B31
                                                                                                                                                                                                                                        SHA1:7F79895F5EFCA53625077B77A3A706FEE84AC8B2
                                                                                                                                                                                                                                        SHA-256:BC8DCB5453165431C14E42D8CC625B110FD1FFD2262A264B89E2B5919221E11C
                                                                                                                                                                                                                                        SHA-512:66D59A88B8D2AD20CED038FA1B21C8EBD5C05EE12488056EB375BCBBA9350A86E6B75C2BB96B6EFFA37F0DA4DBC92D0950F29DBC6383E93F45068180E104747B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..T...........!.....f............... ........... ..............................u.....@....................................O....................p..((........................................................... ............... ..H............text...$d... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B........................H........2...O...........................................................0..+.......s.........~....%.(.....s............(.....*..........#........,..%{.....`}....*.%{.....f_}....*..0..>.......................(....}=......}>......( ...}@......(....}?....*R.{....,.r...ps....z*:..(.....(....*...0............(.......(.....*...................J.{....-..&..}....*6.(.....{....*:.(......}....*6.(.....{....*..(.....(....,.r]..ps....z.o ... ....1.r]..ps!...z..}....*6.(.....{....*..(...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\LICENSE.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):670
                                                                                                                                                                                                                                        Entropy (8bit):4.870186870231866
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:5lh3rwhI4IaMFj27/tUYCQpU0E+dqo6rHQknd77psLlO:l334IaJUuU0E+QHQk17psLlO
                                                                                                                                                                                                                                        MD5:B4ECFC2FF4822CE40435ADA0A02D4EC5
                                                                                                                                                                                                                                        SHA1:8AAF3F290D08011ADE263F8A3AB4FE08ECDE2B64
                                                                                                                                                                                                                                        SHA-256:A42AC97C0186E34BDC5F5A7D87D00A424754592F0EC80B522A872D630C1E870A
                                                                                                                                                                                                                                        SHA-512:EAFAC709BE29D5730CB4ECD16E1C9C281F399492C183D05CC5093D3853CDA7570E6B9385FBC80A40FF960B5A53DAE6AE1F01FC218E60234F7ADCED6DCCBD6A43
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview: Copyright (c) 2017 Chocolatey Software, Inc... Copyright (c) 2011 - 2017 RealDimensions Software, LLC.... Licensed under the Apache License, Version 2.0 (the "License");.. you may not use this file except in compliance with the License... You may obtain a copy of the License at.... http://www.apache.org/licenses/LICENSE-2.0.... Unless required by applicable law or agreed to in writing, software.. distributed under the License is distributed on an "AS IS" BASIS,.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied... See the License for the specific language governing permissions and.. limitations under the License.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Microsoft.ApplicationInsights.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):398888
                                                                                                                                                                                                                                        Entropy (8bit):6.134241628993444
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:UjS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/ZmvZ:U+e55LgIkTmyAAfTnMLvZ
                                                                                                                                                                                                                                        MD5:6762019C89413E273B65BBDA0DDA1F33
                                                                                                                                                                                                                                        SHA1:3827B82672129D766441EE3A888FB20A214C9166
                                                                                                                                                                                                                                        SHA-256:0549B79D915012B84C8D2BB64CD5D5177BFF3CBB559EE25553F3728A8CF2FC61
                                                                                                                                                                                                                                        SHA-512:FADDD66A71B54FFEB1408BC740C85B57BE6476B79D5B2E048703B75D7450A24FC3B0F4B16383D0736A6AE5F29FECD95EBF3CF903093E411B6A97EC49B9FF725D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`......>.....`.................................v...O.... ..................((...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........P...................$.........................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. S]G. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0...........r...p......%..{)....................-.q.............-.&.+.......o2....%..{*....................-.q.............-.&.+.......o2....(3...*..{4...*..{5...*..{6...*..{7...*..(+.....}4.....}5.....}6......}7...*....0..k........u......,_(,

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710184
                                                                                                                                                                                                                                        Entropy (8bit):5.9605882988703245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:1Bja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUD:1Bjk38WuBcAbwoA/BkjSHXP36RMGq
                                                                                                                                                                                                                                        MD5:71C0AFD3A6612415A6435862DA08D819
                                                                                                                                                                                                                                        SHA1:B4C3605A5C2FF30737818B6EE5B3C18E1CEB1DD0
                                                                                                                                                                                                                                        SHA-256:4285095545443E727BCF3CA4BEEDA95AC3A3F285C12DBFB9604582BAE1CB7329
                                                                                                                                                                                                                                        SHA-512:7BD7871354FAB8A20E1BC7A49E295E11BA130571A9F964671FF4524556D79A3B6AA08A48068F93F48914AB9EF5396E0F35A75F3579C2B0B64C698203FBD98E22
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O.......................((.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Buffers.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22056
                                                                                                                                                                                                                                        Entropy (8bit):6.675518692328492
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:gy/fjFwUI/KQyVvKdDhG6ISDFWvYW8af0Nyb8E9VF6IYijSJIVxOqS2:guhMaVmzDC6k0EpYi60H
                                                                                                                                                                                                                                        MD5:EA6DC0FE3F04F7FA84E1D85C8E22A9F1
                                                                                                                                                                                                                                        SHA1:0DB3F1C2BBA5AA577C25A6DF1CA0968C161EA4FD
                                                                                                                                                                                                                                        SHA-256:75427BEBAEA898009A0C375AC78D2D5B85ED8D82FFB47B2F426DDDA53488084A
                                                                                                                                                                                                                                        SHA-512:11FE2A6285690537553A7E3EA5B8183CF9ECE7F518F56095F91E1CA5CB5377BCC12CE3D64EFFEF83411CD0CADD6BC9B782B0E621FBF323B394644B2D03B355D4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$...........C... ...`....... ...............................2....@.................................sC..O....`..@...............((...........A..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B.................C......H........(.. ........... @..X...xA......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*.~....*2r...p.(....*B.....(.........*..(....*R.....(...+%-.&(....*^.....(.....(...+&~..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):64040
                                                                                                                                                                                                                                        Entropy (8bit):6.26683606308263
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:sYDFPV3uv9niVSmzPFX8lpJ6TJPe4TW9Lvu2perEuaRtIvqUl1FHEpYi607zv:sKC9niwOepJ6TJPeb6NIUFg76Kzv
                                                                                                                                                                                                                                        MD5:89B48C386D60FBC7D9D3D8763B8072D8
                                                                                                                                                                                                                                        SHA1:BAFA1A4BA0A9851AE946C33C853CD9876ADF8547
                                                                                                                                                                                                                                        SHA-256:54121CBE1846804602A349FD840A9AD5156AF4C4C5CA3156EEF0485E66A11D27
                                                                                                                                                                                                                                        SHA-512:412CF12794691E760078E7FA51DDCFB53259FE1317B54656FA3691CC2A6470E2B76FE6F6399B7F23DB03C40C064151B1CCA44DECE66EFB85EBF7FEA93233AC10
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[............" ..0.................. ........... .......................@.......v....`.................................k...O....... ...............((... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc... ...........................@..@.reloc....... ......................@..B........................H........[..h...........(.......0.........................................{#...*:.($.....}#...*..0..#........u......,.(%....{#....{#...o&...*.*v ..yN )UU.Z(%....{#...o'...X*....0..M........r...p......%..{#....................-.q.............-.&.+.......o(....()...*..{*...*:.($.....}*...*.0..#........u......,.(%....{*....{*...o&...*.*v ..:. )UU.Z(%....{*...o'...X*....0..M........r-..p......%..{*....................-.q.............-.&.+.......o(....()...*..{+...*..{,...*V.($...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Memory.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):138280
                                                                                                                                                                                                                                        Entropy (8bit):6.17880192184794
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:mP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8IJHW:mh0qjC5RMOHO420kN19
                                                                                                                                                                                                                                        MD5:70B39FAB40BC008A02944BE1683A6E14
                                                                                                                                                                                                                                        SHA1:D8024C5444457ED030237B8BF208344A01783366
                                                                                                                                                                                                                                        SHA-256:2F106177FDCE0FC2DDD76E3D594784673B8C5F5770F829FA4A804ED3D6095D05
                                                                                                                                                                                                                                        SHA-512:F2F023D79126F2EF57284709F81D54F8953DC8D95A325A1EC68DB3EB3776C9CF150BDFA741C8473946A1A00D337E4AA3E10E9756508F424E75DBCCF22C1D6B9B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`............@.................................3...O.... ..0...............((...@..........8............................................ ............... ..H............text...\.... ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B................g.......H........ ..............P.......8.........................................(&...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....('...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o(....{....(X...*..(....zN........o)...s*...*.(....z.s+...*..(....zF(L....(F...s,...*.(....z.(M...s,...*.(....z.s-...*.(....z.s....*..(....zN........o)...s/...*.(....zrr...p(S....c.I...(F...s0...*.(....zBr...p(P...s0...*.(....z.s1...*.(....z.(O...s2...*.(!...z.(V...s2...*.(#...z

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17960
                                                                                                                                                                                                                                        Entropy (8bit):6.6371360514611695
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:iTO9dQWXYW8a6gNyb8E9VF6IYijSJIVxJF08e0:iCn6xYEpYi60k87
                                                                                                                                                                                                                                        MD5:420069A4BBE2752182591DDF01D72133
                                                                                                                                                                                                                                        SHA1:40001DB247DB85C1FCD1C8BE9E5ED7534BE888C1
                                                                                                                                                                                                                                        SHA-256:31CB62AD3CA98187D24183A4A9B6C91BBF3DD345A344F3152DF974EA6D75B6FD
                                                                                                                                                                                                                                        SHA-512:476046825D7731FABED1C7F4317A874DA1BE5F237CE44587EE157B25FB24588F57D14F15041D82A23354802D587414206C195F6CD4B3DEFDB3431627595F936C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^...........!.................1... ...@....@.. ....................................@..................................1..K....@..................((...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H........#......................P ......................................O..q.<.P$[p.;a<...Ci......K..!..&.d...FaLJ.....f..........w.E.E........(y...,.Lr..R..........T.z....5..;.. ....&V.=}.... .0.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0................*..0...............*...0...............*...0..........

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):50216
                                                                                                                                                                                                                                        Entropy (8bit):6.207311639251304
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:39m7rm+YASu8B7i8d4g/eDEBHqLxAh7f61IkBnCqbC2WEpYi60hx:vzB7zDeIBKtAI15Bnu2X76u
                                                                                                                                                                                                                                        MD5:B950A696F021C3959CC6A057DDEF79FB
                                                                                                                                                                                                                                        SHA1:69E192D4EC941B4F7CEFEB1877B619149B5AA7AC
                                                                                                                                                                                                                                        SHA-256:CA64A8CBD3E49BBD47F1BDB5FB293E9856947AFFD38DF6AA31587C7C652BEE6C
                                                                                                                                                                                                                                        SHA-512:C1A3AC50CE2E989686F8238C87B02CA8EA7FFF10631E0538FC7B0FD1E8F5C70C3E72EAAB51F392CBD0DA110686EF891FD5497F55F890749BADD0170136800E36
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[]..........." ..0.................. ........... ....................................`.................................E...O.......................((..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................y.......H.......@K..Lf............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dll.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1140
                                                                                                                                                                                                                                        Entropy (8bit):4.958392223272386
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JduPF7N8OH2//3dVhOXrRH2/dV0PH2/+w3VUrPH2/+789y:327iOgl27Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                        MD5:082A70376537A2E9B0BD9DFAD8D2496D
                                                                                                                                                                                                                                        SHA1:1B4A667CFB09D050614149D6FD8A283071DC890A
                                                                                                                                                                                                                                        SHA-256:50934981FA1B0066B22261984941887740838459B5CFA06846BA15F39B4D10F9
                                                                                                                                                                                                                                        SHA-512:763212C74B6AB727C6E2C19CA2CDFC547B357BD5E1E5C196A3A2598DCEB316D3C8E8554A7EDD1AFA99FD38E1153EDC383631D2755BB31E70236084CF27C49875
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.0.12.0" newVersion="2.0.12.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedir

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\cachedSoftware.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3764), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3764
                                                                                                                                                                                                                                        Entropy (8bit):5.620070724680622
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:HECI98IbX5aUGIrKJ4f6/ShIdg+yuYqlUQp1YilXTeMjIR:HEC088X5aUGF86/ShIg+yuYqlJXYE7U
                                                                                                                                                                                                                                        MD5:DBB1EA1D3CB86514C3B4A6AD56FA2ED3
                                                                                                                                                                                                                                        SHA1:AB7FEB80A2ABBAC8BCC158D85FA26ED7081BA6CC
                                                                                                                                                                                                                                        SHA-256:2A3D3524E97960A76B50676BEF96ADD80654B2FAA481456DAC356CC5D4CF2907
                                                                                                                                                                                                                                        SHA-512:FDA85F739011629DDD46AD989D1CD058A908C013E7F178166F1EC22AA9C2EC177BF9F11BF304B480AAA7114B06BFC6B1FCEDA0C710361F813BCCC8A4A4D9AC3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:W3siUmVtb3ZlYWJsZSI6dHJ1ZSwiTmFtZSI6IjctWmlwICAoeDY0KSIsIlZlcnNpb24iOiIyMy4wMSIsIkluc3RhbGxlZE9uIjoiMjAyMy0xMC0wM1QwNjo1MToyOC40NTUzNDczLTA0OjAwIiwiUHVibGlzaGVyIjoiSWdvciBQYXZsb3YiLCJTaXplSW5CeXRlcyI6NTc4OTY5NiwiQXZhaWxhYmxlVmVyc2lvbiI6bnVsbCwiU3RhdHVzIjoiSW5zdGFsbGVkIiwiVGhpcmRQYXJ0eU5hbWUiOm51bGx9LHsiUmVtb3ZlYWJsZSI6dHJ1ZSwiTmFtZSI6IkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkiLCJWZXJzaW9uIjoiMjMuMDA2LjIwMzIwIiwiSW5zdGFsbGVkT24iOiIyMDIzLTEwLTAzVDAwOjAwOjAwIiwiUHVibGlzaGVyIjoiQWRvYmUiLCJTaXplSW5CeXRlcyI6NjI2NzQ1MzQ0LCJBdmFpbGFibGVWZXJzaW9uIjpudWxsLCJTdGF0dXMiOiJJbnN0YWxsZWQiLCJUaGlyZFBhcnR5TmFtZSI6bnVsbH0seyJSZW1vdmVhYmxlIjpmYWxzZSwiTmFtZSI6IkF0ZXJhQWdlbnQiLCJWZXJzaW9uIjoiMS44LjcuMiIsIkluc3RhbGxlZE9uIjoiMjAyNC0wMi0yOFQxMDo1MjowNC0wNTowMCIsIlB1Ymxpc2hlciI6IkF0ZXJhIG5ldHdvcmtzIiwiU2l6ZUluQnl0ZXMiOjQ5MjAwNDgsIkF2YWlsYWJsZVZlcnNpb24iOm51bGwsIlN0YXR1cyI6Ikluc3RhbGxlZCIsIlRoaXJkUGFydHlOYW1lIjpudWxsfSx7IlJlbW92ZWFibGUiOmZhbHNlLCJOYW1lIjoiR29vZ2xlIENocm9tZSIsIlZlcnNpb24iOiIxMTcuMC41OTM4LjEzMiIsIkluc3RhbGxl

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\11-08-2024 07_39_28-log.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):301
                                                                                                                                                                                                                                        Entropy (8bit):4.898878940140915
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:tVb5kBm7ObCDL7fsDPV7gRQQgb5kBm7ObCDL7fsDPV7gRvgOBLy:pem717f8PV7UQQ6em717f8PV7Up9y
                                                                                                                                                                                                                                        MD5:F5ADB4BF688F888451346501914E801D
                                                                                                                                                                                                                                        SHA1:B7103D27E3A34C5EA878D342FEE1C317234274A7
                                                                                                                                                                                                                                        SHA-256:D3524D2EEFAD5EDD967349655A68F23475D7C78B5BD97731AAF7AB353F277245
                                                                                                                                                                                                                                        SHA-512:4B517B4260D8F67443E5B581AD4AC07EF819C46B7B2504ADA75E26049D09176548E30CD469501ABC9CA35F1FA62B6FB2FBE218F39A4D85D786F511BE39A5EE2B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\11-08-2024 07_39_28-log.txt, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\11-08-2024 07_39_28-log.txt, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\11-08-2024 07_39_28-log.txt, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\11-08-2024 07_39_28-log.txt, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.Directory 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\lib' does not exist...Enabled allowGlobalConfirmation..Directory 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\lib' does not exist...0 packages installed...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\11-08-2024 07_39_29-log.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):275
                                                                                                                                                                                                                                        Entropy (8bit):4.877907726544251
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:tVb5kBm7ObCDL7fsDPV7gRoUvlwTS7v33LQ7mLLlGKACCWOKEe:pem717f8PV7UO+fo6BNVB
                                                                                                                                                                                                                                        MD5:DA74935F66150D0D5B81820876FB7CF6
                                                                                                                                                                                                                                        SHA1:72C2E449991D8AC8475D975278DA19E5ECD22602
                                                                                                                                                                                                                                        SHA-256:784F35617FF7C184384B9710C94709F9A55F3FABF51DC8A68C5429BC5A595E2D
                                                                                                                                                                                                                                        SHA-512:A37949ADC8B72F522CCE6875090585A47809E9CB3A269036BF2F318BE87AC189178DB2258410EC4EFADAA5E878074D027A6EE7FEB0C29827546270BD46CA904C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\11-08-2024 07_39_29-log.txt, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.Directory 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\lib' does not exist...Outdated Packages.. Output is package name | current version | available version | pinned?......Chocolatey has determined 0 package(s) are outdated. ..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6655016
                                                                                                                                                                                                                                        Entropy (8bit):6.267124988963532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:XCMEM0MUMRMxMwMkfqbjxbSzGVr4W11ByHY4W6upIjA:vlV1qKpkfqbjeGVr4NHYJ60iA
                                                                                                                                                                                                                                        MD5:C92C6FDD6C8D332F2549CBD0246E00E8
                                                                                                                                                                                                                                        SHA1:000A23105DA6036C0F0F6BE078B1DF1362A80017
                                                                                                                                                                                                                                        SHA-256:5E2DB8CDD4607D548B8A079A9C4E475C830FC28BE99587495FA018C17161AB3F
                                                                                                                                                                                                                                        SHA-512:94F9A86402CFDECD62B667C40F43513BA66348F3CE1AFF5A392DCD59E4FF952AC403F5DBD9BFB9115824ED1D3D281BDD79539AD22DC9105D4031FE3F7EDE4F96
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Db........... ......c..........c.. ....c...@.. ........................e.....e(f...@...................................c.L.....c..............de.((....e.......c...............................................c.............. ..H............text...w.c.. ....c................. ..`.rsrc.........c.......c.............@..@.reloc........e......be.............@..B................H.........A...!.........H....3..........................................0..T.......r...p...o......9,....s......o......o.....o..........9.....o...........9.....o......*.........3..........7E......"..o....*...b.:....~....*.o....(....*....0..s........:....~....*.o......9......i:....~....*.~....:...........s.........~....(...+~....:...........s.........~....(...+*.....6..r...p(....*.."..(....*...:.(......}....*..0..+.......s.2.....}.....r...pr...p... 2..s....o....&*......0..{........o..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (495), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9380
                                                                                                                                                                                                                                        Entropy (8bit):4.897876021534469
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:rwhyxWvf7L6ZapbrzRmXBzCWKZD68NJ+IK2E8V1ExAuVXI4n7rJ+ZXVx:sjL6Z+Ht6B+WshDK2EiEJ7lEFx
                                                                                                                                                                                                                                        MD5:9D1528A2CE17522F6DE064AE2C2B608E
                                                                                                                                                                                                                                        SHA1:2F1CE8B589E57AB300BB93DDE176689689F75114
                                                                                                                                                                                                                                        SHA-256:11C9AD150A0D6C391C96E2B7F8AD20E774BDD4E622FCDFBF4F36B6593A736311
                                                                                                                                                                                                                                        SHA-512:A19B54ED24A2605691997D5293901B52B42F6AF7D6F6FDA20B9434C9243CC47870EC3AE2B72BDEA0E615F4E98C09532CB3B87F20C4257163E782C7AB76245E94
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<chocolatey xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <config>.. <add key="cacheLocation" value="" description="Cache location if not TEMP folder. Replaces `$env:TEMP` value for choco.exe process. It is highly recommended this be set to make Chocolatey more deterministic in cleanup." />.. <add key="containsLegacyPackageInstalls" value="true" description="Install has packages installed prior to 0.9.9 series." />.. <add key="commandExecutionTimeoutSeconds" value="2700" description="Default timeout for command execution. '0' for infinite (starting in 0.10.4)." />.. <add key="proxy" value="" description="Explicit proxy location. Available in 0.9.9.9+." />.. <add key="proxyUser" value="" description="Optional proxy user. Available in 0.9.9.9+." />.. <add key="proxyPassword" value="" description="Optional proxy password. Encrypted. Available in 0.9.9.9+." />.. <add key

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.2672.update

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (495), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9380
                                                                                                                                                                                                                                        Entropy (8bit):4.897876021534469
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:rwhyxWvf7L6ZapbrzRmXBzCWKZD68NJ+IK2E8V1ExAuVXI4n7rJ+ZXVx:sjL6Z+Ht6B+WshDK2EiEJ7lEFx
                                                                                                                                                                                                                                        MD5:9D1528A2CE17522F6DE064AE2C2B608E
                                                                                                                                                                                                                                        SHA1:2F1CE8B589E57AB300BB93DDE176689689F75114
                                                                                                                                                                                                                                        SHA-256:11C9AD150A0D6C391C96E2B7F8AD20E774BDD4E622FCDFBF4F36B6593A736311
                                                                                                                                                                                                                                        SHA-512:A19B54ED24A2605691997D5293901B52B42F6AF7D6F6FDA20B9434C9243CC47870EC3AE2B72BDEA0E615F4E98C09532CB3B87F20C4257163E782C7AB76245E94
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<chocolatey xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <config>.. <add key="cacheLocation" value="" description="Cache location if not TEMP folder. Replaces `$env:TEMP` value for choco.exe process. It is highly recommended this be set to make Chocolatey more deterministic in cleanup." />.. <add key="containsLegacyPackageInstalls" value="true" description="Install has packages installed prior to 0.9.9 series." />.. <add key="commandExecutionTimeoutSeconds" value="2700" description="Default timeout for command execution. '0' for infinite (starting in 0.10.4)." />.. <add key="proxy" value="" description="Explicit proxy location. Available in 0.9.9.9+." />.. <add key="proxyUser" value="" description="Optional proxy user. Available in 0.9.9.9+." />.. <add key="proxyPassword" value="" description="Optional proxy password. Encrypted. Available in 0.9.9.9+." />.. <add key

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.backup (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (495), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9380
                                                                                                                                                                                                                                        Entropy (8bit):4.897876021534469
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:rwhyxWvf7L6ZapbrzRmXBzCWKZD68NJ+IK2E8V1ExAuVXI4n7rJ+ZXVx:sjL6Z+Ht6B+WshDK2EiEJ7lEFx
                                                                                                                                                                                                                                        MD5:9D1528A2CE17522F6DE064AE2C2B608E
                                                                                                                                                                                                                                        SHA1:2F1CE8B589E57AB300BB93DDE176689689F75114
                                                                                                                                                                                                                                        SHA-256:11C9AD150A0D6C391C96E2B7F8AD20E774BDD4E622FCDFBF4F36B6593A736311
                                                                                                                                                                                                                                        SHA-512:A19B54ED24A2605691997D5293901B52B42F6AF7D6F6FDA20B9434C9243CC47870EC3AE2B72BDEA0E615F4E98C09532CB3B87F20C4257163E782C7AB76245E94
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<chocolatey xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <config>.. <add key="cacheLocation" value="" description="Cache location if not TEMP folder. Replaces `$env:TEMP` value for choco.exe process. It is highly recommended this be set to make Chocolatey more deterministic in cleanup." />.. <add key="containsLegacyPackageInstalls" value="true" description="Install has packages installed prior to 0.9.9 series." />.. <add key="commandExecutionTimeoutSeconds" value="2700" description="Default timeout for command execution. '0' for infinite (starting in 0.10.4)." />.. <add key="proxy" value="" description="Explicit proxy location. Available in 0.9.9.9+." />.. <add key="proxyUser" value="" description="Optional proxy user. Available in 0.9.9.9+." />.. <add key="proxyPassword" value="" description="Optional proxy password. Encrypted. Available in 0.9.9.9+." />.. <add key

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\ChocolateyTabExpansion.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (965), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12946
                                                                                                                                                                                                                                        Entropy (8bit):5.132019659587194
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ctpHjcTfbZO0g2ZyAvGZkAsoXCxAziDR/67E4Pb:ctpDBCvGZkAsCCxAziDR/sF
                                                                                                                                                                                                                                        MD5:0BB54C9DA241E0EAAFB6C976AC07EAA7
                                                                                                                                                                                                                                        SHA1:045808C9106A4C356AB15A2D8680FDB737DC98A6
                                                                                                                                                                                                                                        SHA-256:071CE6FCE85051E373C1B05BB82A92FFB8BEBF34C768B7A2F6E809000A78479F
                                                                                                                                                                                                                                        SHA-512:C118C9FEC5903D1F2F6A6FA070130FCEBAAD70AF3459DA82069C5C8ED3D66CEE374C098C6247CCD528187B6856FAA458EBBD8B6F2C0C68C2A5B8EF32C2D7CD75
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2011 - 2017 RealDimensions Software, LLC..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...#..# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....# Ideas from the Awesome Posh-Git - https://github.com/dahlbyk/posh-git..# Posh-Git License - https://github.com/dahlbyk/posh-git/blob/1941da2472eb668cde2d6a5fc921d5043a024386/LICENSE.txt..# http://www.jeremyskinner.co.uk/2010/03/07/using-git-with-windows-powershell/....$Global:ChocolateyTabSettings = New-Object PSObject -P

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\chocolateyInstaller.psm1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3903
                                                                                                                                                                                                                                        Entropy (8bit):4.986280475081154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKoqWJBYc4R2wf3TQJb3jl7t3iv:cSyL+QGXHMWJB7VFUv
                                                                                                                                                                                                                                        MD5:1CF35331F337493A5B5B8C482E32B507
                                                                                                                                                                                                                                        SHA1:149D5B5ABB4FF20CFAA333946BAAEC6B8EFA5630
                                                                                                                                                                                                                                        SHA-256:CCF763934E3801002C260246316DF70C64C66E7721C24B300C634567F5885A39
                                                                                                                                                                                                                                        SHA-512:03652CA25D2A78860F735B57600B940D2723DD23E24A2632D5CA76DBFACBF95CD1090428FB6AC23BF945AB20C1C201155CF26161361853DB94A5D85AE753C0A1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....$helpersPath = Split-Path -Parent $MyInvocation.MyCommand.Definition....$global:DebugPreference = "SilentlyContinue"..if ($env:ChocolateyEnvironmentDebug -eq 'true') {.. $global:DebugPrefe

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\chocolateyProfile.psm1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1178
                                                                                                                                                                                                                                        Entropy (8bit):5.161789340951933
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:cSyJ3554IpgyZA0SU0E+SlHQk1GpsLAjQSDg6pucReEe7:cSyX54pyFd0AlH31KoLKRed
                                                                                                                                                                                                                                        MD5:610AD6370C8DACB3861200B8827DF768
                                                                                                                                                                                                                                        SHA1:E6831DF0C1ADB4664BDE6D2D48DCE28CC1918A83
                                                                                                                                                                                                                                        SHA-256:B06996C9A26663FCF41B2406D12C4597075AB7F94CDD320EEE64EAC9AEA95DFD
                                                                                                                                                                                                                                        SHA-512:C3A30128443E47D5D38CFD8C989E8317668EEDA6B4E85BEE94B76034479DEC0BED4C980ACD797153259CF0DF2807E79C3B3F4AAADF21E255A35BBDBE2F2E16E9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2011 - 2017 RealDimensions Software, LLC..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# ..# You may obtain a copy of the License at..# ..# http://www.apache.org/licenses/LICENSE-2.0..# ..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....if (Get-Module chocolateyProfile) { return }....$thisDirectory = (Split-Path -parent $MyInvocation.MyCommand.Definition)..... $thisDirectory\functions\Write-FunctionCallLogMessage.ps1... $thisDirectory\functions\Get-EnvironmentVariable.ps1... $thisDirectory\functions\Get-EnvironmentVariableNames.ps1... $thisDirectory\fun

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\chocolateyScriptRunner.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2892
                                                                                                                                                                                                                                        Entropy (8bit):5.176658574720988
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:RkBibyQwcYIRQcRwAshP5l8kRMCpEMwK/JvoPEY0nzWBIxjO0L5E8bWHtt6rh4:eiAc5HGAshhCQMChR/JsZYzWBeO85Ecm
                                                                                                                                                                                                                                        MD5:EF32E09F41D2F8234E4482C6B52FFFB1
                                                                                                                                                                                                                                        SHA1:446185592825F7B7894CC5A9E2FCB4F015B9E810
                                                                                                                                                                                                                                        SHA-256:ACC5E8AB085FDD00B1C333853D74B1EC15777212A435C2DE8B56A490BE07103C
                                                                                                                                                                                                                                        SHA-512:7273DE65F571C4302BAC73C3FA3AEBDB7887B923EABAC10457C2A2C329B67979726440ED0C5E190C7728676D9382D4C8E2F4D030336630BC82AC7AE2FB20B58F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.param(.. [alias("ia","installArgs")][string] $installArguments = '',.. [alias("o","override","overrideArguments","notSilent")].. [switch] $overrideArgs = $false,.. [alias("x86")][switch] $forceX86 = $false,.. [alias("params","parameters","pkgParams")][string]$packageParameters = '',.. [string]$packageScript..)....$global:DebugPreference = "SilentlyContinue"..if ($env:ChocolateyEnvironmentDebug -eq 'true') { $global:DebugPreference = "Continue"; }..$global:VerbosePreference = "SilentlyContinue"..if ($env:ChocolateyEnvironmentVerbose -eq 'true') { $global:VerbosePreference = "Continue"; $verbosity = $true }....Write-Debug '---------------------------Script Execution---------------------------'..Write-Debug "Running 'ChocolateyScriptRunner' for $($env:packageName) v$($env:packageVersion) with packageScript `'$packageScript`', packageFolder:`'$($env:packageFolder)`', installArguments: `'$installArguments`', packageParameters: `'$packageParameters`',"....## Set the culture to invar

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Format-FileSize.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1751
                                                                                                                                                                                                                                        Entropy (8bit):5.27319452124258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:cSyJ3554IpXAAyU0E+SlHQk1GpsLAKFoYlMp9TlxNAZiTxGEXL5FGX/OFchWoCah:cSyX54q90AlH31Koyh9xnFVVc/4oqPli
                                                                                                                                                                                                                                        MD5:12E0A95C9BD0A49DA769C2927C648DFB
                                                                                                                                                                                                                                        SHA1:33174164C23D10B43E26CEE56E1A6FB60E8D9F4D
                                                                                                                                                                                                                                        SHA-256:3A2A002BD7213ECCE52FB82C470B824770A11DEB0A33DDB319A24824CE4676DA
                                                                                                                                                                                                                                        SHA-512:D19E22031409B216A10815FE606852712EF0136B9056541774DC66AE9C57994DE5A667AE1F925D547D1BCCF6AE9221D939F7CE2BFC87ABC98C634858E1CCAA7B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2011 - 2017 RealDimensions Software, LLC..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...#..# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....Function Format-FileSize {..<#...SYNOPSIS..DO NOT USE. Not part of the public API......DESCRIPTION..Formats file size into a human readable format......NOTES..Available in 0.9.10+.....This function is not part of the API......INPUTS..None.....OUTPUTS..Returns a string representation of the file size in a more friendly..form

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-CheckSumValid.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (505), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11504
                                                                                                                                                                                                                                        Entropy (8bit):5.008896354130034
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyL+QGXHpi+o8HrDe07ZUWKVjakELFiuPOizDIinqSQ/fa:ctL+QGwKS07ZUOZPpDDyfa
                                                                                                                                                                                                                                        MD5:9443CB695D075DAA7DE91510A1E35C14
                                                                                                                                                                                                                                        SHA1:7676604D3C1F0BD26632DC41FCF1310908D422C6
                                                                                                                                                                                                                                        SHA-256:7095FB2F3F44FEE977D3B53DEE93B952D04325108B090F5F7E8503F758C27F18
                                                                                                                                                                                                                                        SHA-512:2D0B8C3345B6573F56A54D357BB700D83B3AB5A40DED0AA2DC5A40DAC0523DB86BBC5BAA10CB3B4B1785123B8F32CEC5A86F350AF315A2BFF6885C08BD77758F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-ChecksumValid {..<#...SYNOPSIS..Checks a file's checksum versus a passed checksum and checksum type......DESCRIPTION..Makes a determination if a file meets an expected checksum s

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyUnzip.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10482
                                                                                                                                                                                                                                        Entropy (8bit):5.191184135569746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyL+QGXHphcdudY/xIVBO6zgV6ZlR86nFTDzH0sQsPbnJ8Yc9bTp05va:ctL+QGTqudY/xcBOSt3XHRJNva
                                                                                                                                                                                                                                        MD5:F740F29F0AC79C7E5BA69B1CF3E6DC74
                                                                                                                                                                                                                                        SHA1:8F609B5BDCCE295AEF29011858B31608D26E8E04
                                                                                                                                                                                                                                        SHA-256:550231F4568914C786BF3BDE0FF4897DCE761084D33CFA6D8FD462B34A779D88
                                                                                                                                                                                                                                        SHA-512:FC567A01086E8E6A55AAD1E3AEA0E9639E2F8C03399728A5421214E1E0CBF726A7D0F7422EBE3CE74C226F27C11C051760CDAD2AFBB5E69294152669929AB05A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-ChocolateyUnzip {..<#...SYNOPSIS..Unzips an archive file and returns the location for further processing......DESCRIPTION..This unzips files using the 7-zip command line tool 7z.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyWebFile.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16502
                                                                                                                                                                                                                                        Entropy (8bit):5.146477219224201
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyL+QGXHpWybOWetWKW3VjEve49W9cO1kazvJwKEDbrj:ctL+QGPnetZ2EvXOlybrj
                                                                                                                                                                                                                                        MD5:CD302EF4E080D330A9DEAFA584C049AB
                                                                                                                                                                                                                                        SHA1:53B98CD3540A35FF32E1E6DDA2BB3F786FAE23ED
                                                                                                                                                                                                                                        SHA-256:3E18EB6CF646474E9259E932679E04DF1CC4322E2E354A770F32A0F7D67C72A4
                                                                                                                                                                                                                                        SHA-512:B0D74A92DFB16CBE799C781CAD2702C6932BA5B15A28EE5AF2FB56A4CFA4317B2347AF227A9484A0536CC95674CFBB89343E3955C2457AFD0D23854963D85BFC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-ChocolateyWebFile {..<#...SYNOPSIS..Downloads a file from the internets......DESCRIPTION..This will download a file from a url, tracking with a progress bar...It returns the file

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariable.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4123
                                                                                                                                                                                                                                        Entropy (8bit):5.288017280806032
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKotzWfp1Vr4MeAWMK13MqhPTv6ee5:cSyL+QGXH3Gp1VrSAQ3Mqg
                                                                                                                                                                                                                                        MD5:E564E914B196DAC040D08110D5D8718D
                                                                                                                                                                                                                                        SHA1:2532E9010D3A67A6FF345F2564A843800DC59CBB
                                                                                                                                                                                                                                        SHA-256:5AF7D3DC6B44142492B9E31A69352873D43D570D7D4718B2942A67D3D6180951
                                                                                                                                                                                                                                        SHA-512:06127E83C2BBDA160183D3DC5E51E652E2011C760B561DA639BDF847F085DB3E93E3C5F0B5C12C1114D228C3882E0FBC81418CF9CAA3C04FA837CE0A68574EFF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-EnvironmentVariable {..<#...SYNOPSIS..Gets an Environment Variable......DESCRIPTION..This will will get an environment variable based on the variable name..and scope while accoun

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariableNames.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2060
                                                                                                                                                                                                                                        Entropy (8bit):5.165746374691896
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyL+4pe90AlH31KoMfcM1KIcoCtJS0RjhYigLiO:cSyL+4pGXHFKovCZWdQ
                                                                                                                                                                                                                                        MD5:D4DF76AC88518CA76BD5EC4605C55781
                                                                                                                                                                                                                                        SHA1:8B540089E4B1AF183CF9D8053043BD4252A8B2BB
                                                                                                                                                                                                                                        SHA-256:F73E30026DC59EF1B1375FE869347BAE2E02BDC51117E17DD2717E7DE7F712F6
                                                                                                                                                                                                                                        SHA-512:BC37855DDEEF6BD3BECA66109F3EBE09B82409DD8EB1B6DEFC1ADCCEA397356FB521BC22CA8B7D34A418EB6EAAC1E9B277CBD333251A149C46E104980FBF3071
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-EnvironmentVariableNames([System.EnvironmentVariableTarget] $Scope) {..<#...SYNOPSIS..Gets all environment variable names......DESCRIPTION..Provides a list of environment variabl

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-FtpFile.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7947
                                                                                                                                                                                                                                        Entropy (8bit):5.051645140778019
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:3SfwB1bbVPeBlvvJ5nli61sre8+007Oc+pbkmzqMd0yiW:3SfwHBgPd04OHpb3yW
                                                                                                                                                                                                                                        MD5:15DDE6C604B0BD3A0C1F569BAAC9B91B
                                                                                                                                                                                                                                        SHA1:9366C80608BB20A9CFD84AD574D561E481F9B0B8
                                                                                                                                                                                                                                        SHA-256:12FA2C7D770F0AF308D535A3523903F730A2121B2C72D05A9EA7BF9E5AA27C72
                                                                                                                                                                                                                                        SHA-512:B2DFDC3BC98ADE4486A0CC30E3124F16F9788D6DD8214DF4C6460FE818CFC645EF36FAF03AC99490D0BFEA6A0FDA8646845E9A23C464B13C486E8C8677913339
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.## Get-FtpFile..##############################################################################################################..## Downloads a file from ftp..## Some code from http://stackoverflow.com/questions/265339/whats-the-best-way-to-automate-secure-ftp-in-powershell..## Additional functionality emulated from http://poshcode.org/417 (Get-WebFile)..## Written by Stephen C. Austin, Pwnt & Co. http://pwnt.co..##############################################################################################################..## Additional functionality added by Chocolatey Team / Chocolatey Contributors..## - Proxy..## - Better error handling..## - Inline documentation..## - Cmdlet conversion..## - Closing request/response and cleanup..## - Request / ReadWriteResponse Timeouts..##############################################################################################################..function Get-FtpFile {..<#...SYNOPSIS..Downloads a file from a File Transfter Protocol (FTP) l

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-OSArchitectureWidth.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2930
                                                                                                                                                                                                                                        Entropy (8bit):5.220783998189862
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyL+4pe90AlH31KoMBigsroWdBWuzonabOsEahaqTtYkkdrO57XMp0o3jMoF7d3:cSyL+4pGXHFKoySxwn0zhaqT6r8Bo3j9
                                                                                                                                                                                                                                        MD5:5CE49B0DAF505DBCDA1D6E3B21FCCE88
                                                                                                                                                                                                                                        SHA1:68B5493F4C79FA198269A211B4B3A981FE06CEBA
                                                                                                                                                                                                                                        SHA-256:94DC6FBE584FE5DA6333E44F4F0EFA88254A7F78EAC1DE593683A50F33EECD96
                                                                                                                                                                                                                                        SHA-512:580AF8026407DC485BDFBDED106CF3DFD778A900504BF5A66AE1B14C9A1A7F1F80E7E888A26B42446091D40B61E4F3250E3D1CBD661C3557B05A3275E9522545
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-OSArchitectureWidth {..<#...SYNOPSIS..Get the operating system architecture address width......DESCRIPTION..This will return the system architecture address width (probably 32 or

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-PackageParameters.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7233
                                                                                                                                                                                                                                        Entropy (8bit):5.212503071724739
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyhrzQGXHHyN604JEtV/OyU/rFPV/LA+N/IwX/G3:cthrzQGA4JEArFPZLAkIwX8
                                                                                                                                                                                                                                        MD5:5CB5EC1EFD682DB6B436388E63841227
                                                                                                                                                                                                                                        SHA1:15234AFA9F45671CC89DF05DF9371F125213F5CE
                                                                                                                                                                                                                                        SHA-256:F34917832A7347060BC1B8DCDD05FD4E5AA1672DBFA6A81DBABE9A978AD4B3A2
                                                                                                                                                                                                                                        SHA-512:9E7D279B3CF9D737F2D114085FCBBD6AD13F681BF1365109AD20D9998EF20EA28E7703337E12BA5F350BE4CC37B35E5C7A7ED57FF45896D40B3F628672ED2096
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2016 - 2017 Original authors from https://github.com/chocolatey/chocolatey-coreteampackages..# Copyright . 2016 Miodrag Mili. - https://github.com/majkinetor/au-packages/commit/bf95d56fe5851ee2e4f6f15f79c1a2877a7950a1..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....# special thanks to the Core Community Maintainers team and their work..# on the Get-PackageParameters function that is in the..# `chocolatey-core.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ToolsLocation.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (333), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3761
                                                                                                                                                                                                                                        Entropy (8bit):4.908858016895155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyp4pGXHFKo/jFKv+Q/IT00CSZL5eFYE/:cSypQGXHNRKvGT06L5eFYk
                                                                                                                                                                                                                                        MD5:D248C571C9B745CD77B6FF016245AFDA
                                                                                                                                                                                                                                        SHA1:476E0532FA0972690A43C1227C1E50FED6916064
                                                                                                                                                                                                                                        SHA-256:64CA4E5DF3587448659E052FACF69D47DAB48845929A1D21C386812DEE25285D
                                                                                                                                                                                                                                        SHA-512:114DF561CFD26AEB535B7804AE5C978F1850EA07F609C502BC745683229E06FB7AD76F04F610CC2A2CE4890FCAFC089202BD96BCA146745CCC6226E0FD63C91E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2011 - 2017 RealDimensions Software, LLC..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-ToolsLocation {..<#...SYNOPSIS..Gets the top level location for tools/software installed outside of..package folders......DESCRIPTION..Creates or uses an environment variable that a user can control to..communicate with packages about where they would like software that is..not installed through native installer

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-UACEnabled.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1891
                                                                                                                                                                                                                                        Entropy (8bit):5.216117200464903
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyL+4pe90AlH31KoMo/f0n9WZH78+0tJwHKlkn:cSyL+4pGXHFKozeM6+0kHEkn
                                                                                                                                                                                                                                        MD5:D7810321DDE3F67CCD37E6280D9FC5EA
                                                                                                                                                                                                                                        SHA1:052053BEE38A1F79785B40290CC872E4540D6331
                                                                                                                                                                                                                                        SHA-256:AC936BF04E1890321EEFC321A82F353BECA22633EB0F72DC497F8CF5F45EC99C
                                                                                                                                                                                                                                        SHA-512:F365E429C4D013D8C0394575FBEC031AFD03991FC8019860795EC3D8DD7CAB8D43C539FCAED0A04C5C6979E5046166CAD5E2F8D6A3CD5688D78AB17411C0BEDE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-UACEnabled {..<#...SYNOPSIS..Determines if UAC (User Account Control) is turned on or off......DESCRIPTION..This is a low level function used by Chocolatey to decide whether..pro

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-UninstallRegistryKey.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6009
                                                                                                                                                                                                                                        Entropy (8bit):5.183782879831246
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyp4aXHFKo+l0Y9WqbUqcN1bLZAiwSVg2SHBjqmnn3seTIIe8bMH/g4F267rTli:cSypHXHyJvIXN1miVVoTIyJ6rT25
                                                                                                                                                                                                                                        MD5:8BDD492FD645ABC85E1A76BFB3BB9306
                                                                                                                                                                                                                                        SHA1:0B84BACF023719AAF1F52544FDA4B1542E3FBD5D
                                                                                                                                                                                                                                        SHA-256:2F11852DCC6C4C45BAA7355A5ABA501846A96DA75B0332A5347D382D876F94C8
                                                                                                                                                                                                                                        SHA-512:D9B1E7457B71F0DD930C7DD10076FCCB75E2F6AE6E7129FC417F629DE63C34B8448D7F52D733B476BBAC39C2A758444F462CA8839987C6E3C178C592F6212EEB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2011 - 2017 RealDimensions Software, LLC..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...#..# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-UninstallRegistryKey {..<#...SYNOPSIS..Retrieve registry key(s) for system-installed applications from an..exact or wildcard search......DESCRIPTION..This function will attempt to retrieve a matching registry key for an..already installed application, usually to be used with a..chocolateyUninstall.ps1 automatio

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-VirusCheckValid.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1815
                                                                                                                                                                                                                                        Entropy (8bit):5.188333753523367
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:cSy93R2O+4Ipg8AQyU0E+SlHQk1GpsLA9NIrd+aL85TiV+hT0hCmTxGz1echWtLt:cSyL+4pe90AlH31KoMCoaYp4AmVMMth
                                                                                                                                                                                                                                        MD5:FE5456E477F7D5131DD448942A3AD961
                                                                                                                                                                                                                                        SHA1:C8FDE141D6D5E6713A13C2A6DF55A07E2BB187E5
                                                                                                                                                                                                                                        SHA-256:88D9BA7C04A62D34EDB6A913CE00463FBDC82A2986AC9F459E04B75BC1728922
                                                                                                                                                                                                                                        SHA-512:261AA5F14F8A98638869A509844ECDEE1286B97B131D89A3B901AC2B40F09066CBC1C073D32DDE3EA160FB2C2F971BA0D6785981C6C180BEC5DC4F0D6029421E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-VirusCheckValid {..<#...SYNOPSIS..Used in Pro/Business editions. Runtime virus check against downloaded..resources......DESCRIPTION..Run a runtime malware check against downloade

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-WebFile.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12827
                                                                                                                                                                                                                                        Entropy (8bit):5.065872919066253
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:eBbyvHpL71ZxDlVWfYuuiy5nevc/n30zrryM3zE2LoQY+VUqZA:eBgptZxOQt10zrryMFLdYWU6A
                                                                                                                                                                                                                                        MD5:76013037F6A0E623C39D9D07C20D3BAE
                                                                                                                                                                                                                                        SHA1:7DC87082B4D2AB36AB08D6826CA209E2CD7C5694
                                                                                                                                                                                                                                        SHA-256:8FCCA5AA5F0F631FBE9D319EB13C5A282F5DBC1D8D4BC0852021BE0524A6DD39
                                                                                                                                                                                                                                        SHA-512:9D92B42EEBEE276522103D23EF646DFEC32630E97673B816F51841948C6DD9DA89A89B897D515CFFECED7D14174EF83110FFA4B0BA9F64E1738F083592E696F0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# http://poshcode.org/417..## Get-WebFile (aka wget for PowerShell)..##############################################################################################################..## Downloads a file or page from the web..## History:..## v3.6 - Add -Passthru switch to output TEXT files..## v3.5 - Add -Quiet switch to turn off the progress reports .....## v3.4 - Add progress report for files which don't report size..## v3.3 - Add progress report for files which report their size..## v3.2 - Use the pure Stream object because StreamWriter is based on TextWriter:..## it was messing up binary files, and making mistakes with extended characters in text..## v3.1 - Unwrap the filename when it has quotes around it..## v3 - rewritten completely using HttpWebRequest + HttpWebResponse to figure out the file name, if possible..## v2 - adds a ton of parsing to make the output pretty..## added measuring the scripts involved in the command, (uses Tokenizer)..#####################

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-WebFileName.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9247
                                                                                                                                                                                                                                        Entropy (8bit):5.07010917787166
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSypQGXHQybOdQVeBAmZZ8mumtrUy5nF2wnK0u/obu5OyDucYhr:ctpQG3G1vPS0uQZ2uH
                                                                                                                                                                                                                                        MD5:CCEF9317BA6E4AD2C5F9ADA169DE64E3
                                                                                                                                                                                                                                        SHA1:0B03F562CC75CDFB7CC184DA8B8E6BA73A6256A7
                                                                                                                                                                                                                                        SHA-256:1D10AEC25CE4A010B338041862F485BDA47494A3A0EE154BBA49F48BCFCF0D68
                                                                                                                                                                                                                                        SHA-512:922BCEFDCC76A32EE81AB0610BA1E256A228075084DE5A85F11D3B67D62F496A86BD59BE3AA5E00EC24E5A2805AD4199D5D38CD05D92D1BBC43F333FBE924D30
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2011 - 2017 RealDimensions Software, LLC..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License...#..# Based on http://stackoverflow.com/a/13571471/18475....function Get-WebFileName {..<#...SYNOPSIS..Gets the original file name from a url. Used by Get-WebFile to determine..the original file name for a file......DESCRIPTION..Uses several techniques to determine the original file name of the file..based on the url for the fi

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-WebHeaders.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5960
                                                                                                                                                                                                                                        Entropy (8bit):5.140316008573171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKovnYWHVjmlvr79s5nFUFwlmiZn28HeheXeGYDXSqVR2vRtktvS:cSyL+QGXH2QVqlvr7y5nFDXnw0ud3Q
                                                                                                                                                                                                                                        MD5:510D813D8B844FA9ABCF1CF8B294CE83
                                                                                                                                                                                                                                        SHA1:B733C7BC5B1EA00C27895DE8BFB337183D9335E1
                                                                                                                                                                                                                                        SHA-256:58C4E3DE6F018A33E4952AF35EFCCC0B688F1170F733CC10E2C32A33F11A9123
                                                                                                                                                                                                                                        SHA-512:3D3DA339A6B9CAC75CB940B573703BBA5782D22918637D4399636F0F2787436920D6965F2165E294C68107905D556F115CD8416C97A18B12B7F0207CD7721AAC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Get-WebHeaders {..<#...SYNOPSIS..Gets the request/response headers for a url......DESCRIPTION..This is a low-level function that is used by Chocolatey to get the..headers for a reque

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-BinFile.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6283
                                                                                                                                                                                                                                        Entropy (8bit):5.232086061865062
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyL+QGXHN0Vk7arlCnBVV+7oc9KYjWndTmw:ctL+QG05rlwguh
                                                                                                                                                                                                                                        MD5:5617A2B6826D73A80E864B42A3404E72
                                                                                                                                                                                                                                        SHA1:61522560BF997DD79C6649F0C1D198510E19430F
                                                                                                                                                                                                                                        SHA-256:9FC392C4558C2579517F24D945D8E1741EB4A5D7893E4E2DCA6CA756443AB328
                                                                                                                                                                                                                                        SHA-512:B4EA54386B427AC314854AE3584EBF7AEB9E178026346917B05249A28CF831FBD7F87D12CCF56F00DA9C4F55ABC7324E69C4AB9B367258AC2F35960BAFEFADF3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-BinFile {..<#...SYNOPSIS..Creates a shim (or batch redirect) for a file that is on the PATH......DESCRIPTION..Chocolatey installs have the folder `$($env:ChocolateyInstall)\b

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyEnvironmentVariable.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4293
                                                                                                                                                                                                                                        Entropy (8bit):5.147557599553147
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKooCb/InyxVkR8PIoIxAETBXSYG:cSyL+QGXHeCjIGVo8qXSYG
                                                                                                                                                                                                                                        MD5:06FC3CDC03EC16E85CE73D558D58742B
                                                                                                                                                                                                                                        SHA1:C73F95322D853B964AD241CD9B1EFD1A6AF8B101
                                                                                                                                                                                                                                        SHA-256:E6E24F83FDA53709F7EA93F73533314156F1DA0B028FC7BD063BA1720D1A6ADA
                                                                                                                                                                                                                                        SHA-512:A1BB72C33CC1544432B6E4A3317843331ECB70D954DBFC195A3A6AD3FDF18280F807BF2A9DEC06D036111A46062EE04A87C2D315F4E895D2C7F2DAAF6B4CB48A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyEnvironmentVariable {..<#...SYNOPSIS..**NOTE:** Administrative Access Required when `-VariableType 'Machine'.`....Creates a persistent environment variable......DES

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyExplorerMenuItem.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4549
                                                                                                                                                                                                                                        Entropy (8bit):5.216765809932499
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKobx0W2Pq44GGVq/r6ck8Tr6ck012gMe5RDJRmR0GRSd:cSyL+QGXHBx03x4rVqDQ8vQubL5HItUd
                                                                                                                                                                                                                                        MD5:D283FDF0627E77F4745CE26CBB134DDB
                                                                                                                                                                                                                                        SHA1:D41419D3F8DC3F22B37E5CDE1090CF19879F8466
                                                                                                                                                                                                                                        SHA-256:C4292F8767BD7E74E85C4AABCDB9EB0ED3B564693AAC1F568EB02FF7529DF027
                                                                                                                                                                                                                                        SHA-512:A14822AEC4351C106325F1403F79DF444CB53C03CB09AE0FF15169CEC821102A11186B321F9FE8CEFC35932FE02A874E984EECADDA3EC5DCA52AB7EDEE9DB1F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyExplorerMenuItem {..<#...SYNOPSIS..**NOTE:** Administrative Access Required.....Creates a windows explorer context menu item that can be associated with..a command.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyFileAssociation.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3080
                                                                                                                                                                                                                                        Entropy (8bit):5.192518177403395
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKoognbqHdyVO6ckUf1eg9DgH:cSyL+QGXHqgnydyVOQUf1eg9DgH
                                                                                                                                                                                                                                        MD5:44D634D52E391B61FEA2B3311FD130C4
                                                                                                                                                                                                                                        SHA1:AC5184FA6552AD3D2D58EBD53563ED3238E089FF
                                                                                                                                                                                                                                        SHA-256:22FA3870EC2455426BD2BA94B5DC82C241D16F1DBD1AC6979787E947B39563AE
                                                                                                                                                                                                                                        SHA-512:53F5C0D5865DA75816B663CDD4279938401498416A2AD4FD4A7667CC93042D4FBCBC7B2F2F1FD3864CFADBC73908730C6EC7761A77207511861CB277AF8DBF59
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyFileAssociation {..<#...SYNOPSIS..**NOTE:** Administrative Access Required.....Creates an association between a file extension and a executable......DESCRIPTION..In

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyInstallPackage.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14313
                                                                                                                                                                                                                                        Entropy (8bit):5.166123502608628
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ctL+QGm9UIirNuMyrnyBOXOrH2ZoBZiLtM+h1yBPSa:ctL+yG9PKQaOyaBEl1+PSa
                                                                                                                                                                                                                                        MD5:7BB19403672F88442C8510579DEEA62B
                                                                                                                                                                                                                                        SHA1:D7685A3C16C53822D696EE3479451BCF1C42860A
                                                                                                                                                                                                                                        SHA-256:FDAE94594F6DDF60874760BC0E8306422681CE7C177BFA811A625AE74363CCAF
                                                                                                                                                                                                                                        SHA-512:8383D42946F02B72676BF3F6016C0CFA9355AE840320354111B8E40CD9567F46B558B4B60809BF6F0B1364A1F84E6815DC04B02D2F42078E0057F1990CCC83A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyInstallPackage {.. <#...SYNOPSIS..**NOTE:** Administrative Access Required.....Installs software into "Programs and Features". Use..Install-ChocolateyPackage when

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyPackage.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17164
                                                                                                                                                                                                                                        Entropy (8bit):5.102467977763193
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ctL+QG/i9AUaHrN+eNbVPoC8XdI96LMw9lpWo:ctL+jiKUW+eNbVPHMG9Gz
                                                                                                                                                                                                                                        MD5:EF3DA9AA21D97701F975F6E7EC05790D
                                                                                                                                                                                                                                        SHA1:C78F165791049FA3A17218AE2ADEECF79C628E15
                                                                                                                                                                                                                                        SHA-256:917FCEC8CA28B0EF404F565AAECF7FB850E193326D012583927CAA8BB55FB3EC
                                                                                                                                                                                                                                        SHA-512:40C18493196A1395EB72629042E0BE98F19CF657E402FF0F21447A238879157534BBCA632C40B047B42C4EA46C9935D40EF53604DCADB5552B8F6D4A5027C809
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyPackage {..<#...SYNOPSIS..**NOTE:** Administrative Access Required.....Installs software into "Programs and Features" based on a remote file..download. Use Install-

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyPath.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4341
                                                                                                                                                                                                                                        Entropy (8bit):5.172978110813656
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyL+4pe90AlH31KoMb4lFkF9lr4cr8QCz7rVgAY+AExSNzwdOq7FuRFu7lVENiz:cSyL+4pGXHFKoETMcePrVnxAExSsl73
                                                                                                                                                                                                                                        MD5:B8FD2F73466C4538F16B753C1707E185
                                                                                                                                                                                                                                        SHA1:DEEAFE9F90676AC71FDC879D856A5FF312AF0D74
                                                                                                                                                                                                                                        SHA-256:1134D81094235B52249BD974129142BCE3B9796387C0D7CE71CE68A909A5C6B6
                                                                                                                                                                                                                                        SHA-512:BE6FCFB5FCBA314D4CE62FB47B3A292AADD6C7FB6723D042FC603211B7DFC20D8E2213132BA0ECF29A00050A0C7640E00FF6638EA499A2C0A33D8FBCFBC004E5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyPath {..<#...SYNOPSIS..**NOTE:** Administrative Access Required when `-PathType 'Machine'.`....This puts a directory to the PATH environment variable......DESCRIPTI

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyPinnedTaskBarItem.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2645
                                                                                                                                                                                                                                        Entropy (8bit):5.278706654776255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyL+4pe90AlH31KoMD+4RXPXbVSPDqA9FM4jImbO2Poq+:cSyL+4pGXHFKoi7bVSe+M4jImg
                                                                                                                                                                                                                                        MD5:9432BDECB1FAE8A80B302A6216A7615B
                                                                                                                                                                                                                                        SHA1:80C6C8255413A9B9E2BD8DE14B274DFEF1F6E86A
                                                                                                                                                                                                                                        SHA-256:20510B09D631C0E5D9E6E4E5F0FC47EF47C1A413FE3F83A2413A2F4E42E1B649
                                                                                                                                                                                                                                        SHA-512:F6BF39157FB67D7434CCC6F80CF7E13C04302243BE3589D8FF85ECDEA1A19559091BA86FD7BB22671B239F16136ABC8FA84A156477497B32B35E9721EF9B7103
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyPinnedTaskBarItem {..<#...SYNOPSIS..Creates an item in the task bar linking to the provided path......NOTES..Does not work with SYSTEM, but does not error. It warns

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyPowershellCommand.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9319
                                                                                                                                                                                                                                        Entropy (8bit):5.106965440646972
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyL+QGXHni8ybOOeHYlqWKWXVWpRXrHoyf4yc0q1:ctL+QG3ij9e4lqZfc1
                                                                                                                                                                                                                                        MD5:D95A27860316FF9415C6E59530A4F83E
                                                                                                                                                                                                                                        SHA1:16CA9BB81AC55A4EE814915F919FCE89634D637D
                                                                                                                                                                                                                                        SHA-256:F6A1CEB186C30AAD003EAE9B71FDEF4D1DC0D989C81FFDD844C5E9B82EF9532D
                                                                                                                                                                                                                                        SHA-512:4FBE61563130EF06FC69C5FEEFAD59A6FB4DF01BCA7C289A9E8E7B3D16B06BE8BB652AAC7DBF5548BCDDB7F9EEFC2E739B707694BF18995C645F4715DD43C1D3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyPowershellCommand {..<#...SYNOPSIS..Installs a PowerShell Script as a command.....DESCRIPTION..This will install a PowerShell script as a command on your system. Li

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyShortcut.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7888
                                                                                                                                                                                                                                        Entropy (8bit):5.219559860002251
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyL+QGXH9mufXMVW7Vb944B6/yS/LIiP8/HahiJqhx8l91b:ctL+QGtmufXBVbwBPi6cJ4x8l91b
                                                                                                                                                                                                                                        MD5:B67CDEF057B2B5376CFDBE1F51AC241E
                                                                                                                                                                                                                                        SHA1:12B3484E2F85D5C591F1DDD178BA71F224BC232B
                                                                                                                                                                                                                                        SHA-256:D09B2B6B3D43259E79E6778581BA884B526D7A0687C90B19F38EF5B0CA1E5752
                                                                                                                                                                                                                                        SHA-512:BDBEC684B46B3039C7C369901C618E4D0313588B4AB3AE3A10C20CA89C9F2CFB24430FF360FA63D813B920088C7CE5DE17C20C193E0F5FBE40495A86212760FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyShortcut {..<#...SYNOPSIS..Creates a shortcut.....DESCRIPTION..This adds a shortcut, at the specified location, with the option to specify..a number of additional p

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyVsixPackage.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8855
                                                                                                                                                                                                                                        Entropy (8bit):5.1654657712280985
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyL+QGXHrDorybOY2W/thNuVwBE6nBEvEGYfpxIDcO:ctL+QGNk67zyYpG7
                                                                                                                                                                                                                                        MD5:B751C9113B9601DC1B66D597F86474E9
                                                                                                                                                                                                                                        SHA1:E69E72AEAC3BBF5E3DE0C307FE62C0D293FCE36E
                                                                                                                                                                                                                                        SHA-256:E821C31B1A2C9CF7BB6AF12BBB70D88DC30ABADCBD68197982A0DCC6EEF7C982
                                                                                                                                                                                                                                        SHA-512:BCA21C385EA43B62CF113D35E3A50A66E69C6CB98BDE874DC38D6B517206456C4B3726825EA962E0F1676FD8ED936C51DD8FE7D85E9C1F3A336FDC961A53A662
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyVsixPackage {..<#...SYNOPSIS..Downloads and installs a VSIX package for Visual Studio.....DESCRIPTION..VSIX packages are Extensions for the Visual Studio IDE. The V

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-ChocolateyZipPackage.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9740
                                                                                                                                                                                                                                        Entropy (8bit):5.124129906660506
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyL+QGXH5l6ybO41LHHPWUWYhNfhNuVtsYzrPr:ctL+QGJlhXlHvbVPLYzLr
                                                                                                                                                                                                                                        MD5:A9F2320F7C75DB38BA32DE454DB14F41
                                                                                                                                                                                                                                        SHA1:52869D1B9C412DC5AB848E1E363A2F1C043A6EBA
                                                                                                                                                                                                                                        SHA-256:D5C38F705555D2F334308EB27E8CFADA3E1503390A19D99C26810295047815E7
                                                                                                                                                                                                                                        SHA-512:D40A8228A93F7543D1F447BC2989A5A9714F07F6CDE411801659483A0BCE5BD5696B5631DEC89FE6D4C9DDD87F29002A421627C9CF60EC57A6A93E02F028BE85
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-ChocolateyZipPackage {..<#...SYNOPSIS..Downloads file from a url and unzips it on your machine. Use..Get-ChocolateyUnzip when local or embedded file......DESCRIPTION..This wi

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Install-Vsix.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2178
                                                                                                                                                                                                                                        Entropy (8bit):5.225120339484231
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyL+4pe90AlH31KoM4eAjm3LeoXPNpxdeVP3YJxxKW2W2VlWp:cSyL+4pGXHFKoZjmnP3OVPUxxO3le
                                                                                                                                                                                                                                        MD5:5082284C6F295B50B7C28303E52D2770
                                                                                                                                                                                                                                        SHA1:08D320C56CA725CFC8D558E5C923836EDC369DFD
                                                                                                                                                                                                                                        SHA-256:D488957D7BEFF9256A176E7EA1F6D167604C175B44746B2B86B7EA0480F8089C
                                                                                                                                                                                                                                        SHA-512:F8AB98CD8A14ADFA9FED578867A6188F6CBCA5E4361FC0D17D5BAA49818DF7A24BE94C616A8FE6821B75FDCE853D426464BA8E6CE8824E2A47912F26204A8241
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Install-Vsix {..<#...SYNOPSIS..DO NOT USE. Not part of the public API......DESCRIPTION..Installs a VSIX package into a particular version of Visual Studio......NOTES..This is not par

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Set-EnvironmentVariable.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4463
                                                                                                                                                                                                                                        Entropy (8bit):5.326623524611151
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKo9LAVZVTfGqqHQ6+MiLMK+SIgEGZkxpU3gZCjfocO:cSyL+QGXHvAVLGqqHQ6waN9A3a
                                                                                                                                                                                                                                        MD5:C5ADB094F8B04B9D9E4E7FA429D0568F
                                                                                                                                                                                                                                        SHA1:64A4EC9D365702E1D279F0958B67EDAAC1CCFF72
                                                                                                                                                                                                                                        SHA-256:A7E60AA5802ADC6E16D105C693819D7B8F5396C9B18BB32D4E55A1C6EDDEE409
                                                                                                                                                                                                                                        SHA-512:20654DDEBFB81F1AA49BBBA3CF9C8BB2A03DA48C1D14DC63F4C200F8374393430E2515D85EE39B3EC788EFD97F8D442F07D36C06595263D57D6FEACA5B9DE152
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Set-EnvironmentVariable {..<#...SYNOPSIS..**NOTE:** Administrative Access Required when `-Scope 'Machine'.`....DO NOT USE. Not part of the public API. Use..`Install-ChocolateyEnviron

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Set-PowerShellExitCode.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1711
                                                                                                                                                                                                                                        Entropy (8bit):5.130959499082034
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyX54q90AlH31KofO/OuBT0fkaCVYBt4PHU:cSyp4aXHFKozUVYBt4c
                                                                                                                                                                                                                                        MD5:73DCA113BBA352B82F814797A5E075B5
                                                                                                                                                                                                                                        SHA1:B514007F4B97D41584B73A1BFFBE24B37131CCD1
                                                                                                                                                                                                                                        SHA-256:A4F55463BF3258F02058B8A568A4F650B6DEA54BE1E5851C9339D53DBA2CC08F
                                                                                                                                                                                                                                        SHA-512:9F0D8D5B5C418BDBD9034EF8BFEBA20D4F1D99B37F4DE7867102E6486BA6F5BA7D9CB5C34E7D9649546B74E81B6E238EB8CBA8BB458C7A0AFBC975B49ED04011
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2011 - 2017 RealDimensions Software, LLC..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...#..# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....Function Set-PowerShellExitCode {..<#...SYNOPSIS..Sets the exit code for the PowerShell scripts......DESCRIPTION..Sets the exit code as an environment variable that is checked and used..as the exit code for the package at the end of the package script......NOTES..This tells PowerShell that it should prepare to shut down....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Start-ChocolateyProcessAsAdmin.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (495), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16063
                                                                                                                                                                                                                                        Entropy (8bit):5.071535838625921
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cSyL+QGXH8SvdSIVLWDL+G3YQwJOm1JzzN566OdHYrZxmrP17OrnwflAflNKc1+R:ctL+QGRvdSIWDznmzzvOUrIWjKEM05q
                                                                                                                                                                                                                                        MD5:C653DD51F0E2EF62BBD7F782C8DAE3AC
                                                                                                                                                                                                                                        SHA1:860325CDDF15E97C487A2351051517C89E414316
                                                                                                                                                                                                                                        SHA-256:120D4F0ECD7D4AF742CCE72D4CE86EBD960F3FC83FBB58860BECD79147830585
                                                                                                                                                                                                                                        SHA-512:417FD7B7609E7F002F8915D0E8EDA8EB3932FE3F4F7D88070457D2B08251CF0063C3B283C2129A02BAD6361812A16CDD1F3DFB26F55043181F9680D8B073B32E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Start-ChocolateyProcessAsAdmin {..<#...SYNOPSIS..**NOTE:** Administrative Access Required.....Runs a process with administrative privileges. If `-ExeToRun` is not..specified, it is r

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Test-ProcessAdminRights.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1913
                                                                                                                                                                                                                                        Entropy (8bit):5.085202352125102
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyL+4pe90AlH31KoMwr86KhPWBT2TiCWezzwYYm6tFnzXHtQ:cSyL+4pGXHFKo2PD2CWbm6nnzXq
                                                                                                                                                                                                                                        MD5:12DE733D7CE18AF405D81469211573D3
                                                                                                                                                                                                                                        SHA1:89C23822D6717F00281EC45FB24F420678B9901B
                                                                                                                                                                                                                                        SHA-256:F07208BE10E70B4774168EC7C0CC86FC594F1D37D991E766EC46EE335302B083
                                                                                                                                                                                                                                        SHA-512:38775567CC21292C3E06E6F7A44BC7A3C525CC2A49A95E114CFB0C4BFF2AF7EDAEFB4D09A3FD777482BCB0088507323B5618128B96A4716BE9655010A390453F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Test-ProcessAdminRights {..<#...SYNOPSIS..Tests whether the current process is running with administrative rights......DESCRIPTION..This function checks whether the current process h

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\UnInstall-ChocolateyZipPackage.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2897
                                                                                                                                                                                                                                        Entropy (8bit):5.162176606162476
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyL+4pe90AlH31KoMjgAOTJEd4phQ44Yb1eVGXsjlKo9obKB9x/kgeoS5:cSyL+4pGXHFKod+aSZVLjo7m1Ju5
                                                                                                                                                                                                                                        MD5:B0DDD1F261098CAF4092E78539A61796
                                                                                                                                                                                                                                        SHA1:6F753444CE488773EC7AD4942BFB79BF79BC2A65
                                                                                                                                                                                                                                        SHA-256:12E80EA9AA3D894DB1BB1999DD766EF4925ECD59FEC8DEDCABF241DE96E1A949
                                                                                                                                                                                                                                        SHA-512:5C624D18321916C905287595ECC72CF996F24F27E68E22F35C1D07AD7004F579EE64D3E0AE5AE6867DE13A02E61F9893D3DB848A82D41FEC309C77DD88752F75
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Uninstall-ChocolateyZipPackage {..<#...SYNOPSIS..Uninstalls a previous installed zip package, may not be necessary......DESCRIPTION..This will uninstall a zip file if installed via I

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Uninstall-BinFile.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3683
                                                                                                                                                                                                                                        Entropy (8bit):5.175198661740516
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKo2fFecAVuAlxoVGv5nPcdTmqKYDqnShM:cSyL+QGXHc0nVuAlOVGvpPcdTmx
                                                                                                                                                                                                                                        MD5:FCD698961855179908D84E45C1699CD3
                                                                                                                                                                                                                                        SHA1:449CF377EA5EEFC250DF24DC64F36F374C3EA022
                                                                                                                                                                                                                                        SHA-256:093191162E950B4CFDCDD066865C74E47F3F05B3543A9A98A7B82AD98C8236CA
                                                                                                                                                                                                                                        SHA-512:96C0B5867C19A9F06C81F507102FDBCC270BEBAB132E8A3EDE88CED129E369D282AC5F874B0F0AB94214C41C857EF74735909045AA3FDACFF96C74A38FA7AFB6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Uninstall-BinFile {..<#...SYNOPSIS..Removes a shim (or batch redirect) for a file......DESCRIPTION..Chocolatey installs have the folder `$($env:ChocolateyInstall)\bin`..included in t

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Uninstall-ChocolateyEnvironmentVariable.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3131
                                                                                                                                                                                                                                        Entropy (8bit):5.1027007896112115
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:cSyX54q90AlH31KoMSta1Qr44qR4MXbVqlzmwETvp6SCodQsV:cSyp4aXHFKovRVKVwETB6SCu
                                                                                                                                                                                                                                        MD5:256F7D3F77746A9167E513497A1DEF85
                                                                                                                                                                                                                                        SHA1:0F213C21586F176C405C1877C6E7D2FD5B8E85AC
                                                                                                                                                                                                                                        SHA-256:4CE0A48B7A6D6FE997324F7F916DEA532754E4C371CEE38CACE5134EA1D3A101
                                                                                                                                                                                                                                        SHA-512:763263F5E68A1CB7391394570A7CCDDAF518A1522E3F0435EA62848631A03CF278E15F6375F02C0466CBEEBB4365BA419ADB3AB6549BA3BCB09C9BB718825F03
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2011 - 2017 RealDimensions Software, LLC..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...#..# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Uninstall-ChocolateyEnvironmentVariable {..<#...SYNOPSIS..**NOTE:** Administrative Access Required when `-VariableType 'Machine'.`....Removes a persistent environment variable......DESCRIPTION..Uninstall-ChocolateyEnvironmentVariable removes an environment variable..with the specified name and value. The variable c

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Uninstall-ChocolateyPackage.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6062
                                                                                                                                                                                                                                        Entropy (8bit):5.047713257621158
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKoQ79vUU2ZTooaYjuVSQPsVeqYQfiyLi9xSQeSDHyXfOWQfpQf6:cSyL+QGXHweZdlFV8bQ7ov
                                                                                                                                                                                                                                        MD5:39599553B392FDEA36398A474FD623F2
                                                                                                                                                                                                                                        SHA1:89587AEDEC8ECADD274EE80EE43101032A55BAD4
                                                                                                                                                                                                                                        SHA-256:716E51F45EA009C6AEC10F123C58A837516E59910CD0DFB274DF0FF6A56EBF08
                                                                                                                                                                                                                                        SHA-512:1BA55A2CEC0EA911B3418FA8B1979EE8EF45C16033C82F1794416CA85D8F7D9B2618855008F8014BD1FA2A8466ECEB9E36A41E985122F8D04C765051C6DAF5C0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Uninstall-ChocolateyPackage {..<#...SYNOPSIS..Uninstalls software from "Programs and Features"......DESCRIPTION..This will uninstall software from your machine (in Programs and..Feat

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Update-SessionEnvironment.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3611
                                                                                                                                                                                                                                        Entropy (8bit):5.0574071891740795
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:cSyL+4pGXHFKosxHb1u5jen+UMGeKJ1qeg:cSyL+QGXHWp+i5MzK/g
                                                                                                                                                                                                                                        MD5:AB7F32D92867D5CC52CB177374C656C2
                                                                                                                                                                                                                                        SHA1:ACB20AAADD71C921899DE91640DA2AB5F78984CA
                                                                                                                                                                                                                                        SHA-256:A1AD9ED3C049CA14C7970AA17CF5C6A28448E70FF2BE4E438A61C6DAB68E82B7
                                                                                                                                                                                                                                        SHA-512:22295E4C289EC0057B3F13A3B9C18B9B02CC4379D8E1F4F6FEBE48A45A05D92A5384EC158E4370CB5E67F33751377C2CD81C4F8E555145C49BF7680FE545F905
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2015 - 2017 RealDimensions Software, LLC..# Copyright . 2011 - 2015 RealDimensions Software, LLC & original authors/contributors from https://github.com/chocolatey/chocolatey..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Update-SessionEnvironment {..<#...SYNOPSIS..Updates the environment variables of the current powershell session with..any environment variable changes that may have occured during a.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Write-FunctionCallLogMessage.ps1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1974
                                                                                                                                                                                                                                        Entropy (8bit):5.219633769893594
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:cSyJ3554IpXAAyU0E+SlHQk1GpsLA9i9yVMppqTDf3nQytTxGEN8X/+nKB0chWqc:cSyX54q90AlH31KoMYpqfvVF2M1zrvn
                                                                                                                                                                                                                                        MD5:6A2F945A16F003443B3C14907163C357
                                                                                                                                                                                                                                        SHA1:EBDDA9AC96E6F71D0BEED493C5074F2CAFE638C2
                                                                                                                                                                                                                                        SHA-256:279171398D6F65221D4636DA730AB2F07C6DD56321BF76A03D0CA7D3D7B0B574
                                                                                                                                                                                                                                        SHA-512:C09FC9C169D5197B841EED9D44135F43AA8D11CC0463A567E922FE019545C9036542AD40AF5D64B808AF92E143787A8231CBF4F5B8A2F8F94E48614E8E06EFA0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.# Copyright . 2017 - 2021 Chocolatey Software, Inc...# Copyright . 2011 - 2017 RealDimensions Software, LLC..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...#..# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...# See the License for the specific language governing permissions and..# limitations under the License.....function Write-FunctionCallLogMessage {..<#...SYNOPSIS..DO NOT USE. Not part of the public API......DESCRIPTION..Writes function call as a debug message......NOTES..Available in 0.10.2+.....This function is not part of the API......INPUTS..None.....OUTPUTS..None.....PARAMETER Invocation..The invocation of the function (`$My

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\lastSnapshot.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32
                                                                                                                                                                                                                                        Entropy (8bit):3.5542292966721747
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:BUhYWGHRBluTYQgn:iVuBUTYPn
                                                                                                                                                                                                                                        MD5:E20E7A9ABA3E8D719D6928DE5B5F155D
                                                                                                                                                                                                                                        SHA1:863359AB65AEF95208D343923B7B81535CA3473B
                                                                                                                                                                                                                                        SHA-256:15D6E51DC764E1C7E4B67B074A79910E6928BDC5F8C84EE33C70CEC751DFA3E5
                                                                                                                                                                                                                                        SHA-512:BA0193A691D2BF6A879B37ABB0EE0933BF78E2F607061EC605D0CA8974E2CA4393E0955156CB0E21F436FE782C2924BBBAC9370990CC7B7442EB16F65423FF49
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:dbb1ea1d3cb86514c3b4a6ad56fa2ed3

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):280616
                                                                                                                                                                                                                                        Entropy (8bit):5.690702355916042
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:mG0WgexKpGi8PnJcerXUaxX3HVeES4BEIqTTpX/4ormGpnaVTSGCkMhkEn7GAhC3:mJrycoB3HVeESME3pnaVTS1nh7hCaG
                                                                                                                                                                                                                                        MD5:12DEA6200DFF02423B75E3BCDB989844
                                                                                                                                                                                                                                        SHA1:4181D3DFD7B01C6E918E7627C9A781745D1359F9
                                                                                                                                                                                                                                        SHA-256:E511D5AC445A9712EA9A3125CEA961F3EF91E52074DD2EFF422F774B47C19C64
                                                                                                                                                                                                                                        SHA-512:32651D140AEC8A0BBA35CD81B399516A7FEC3B9E0715C70F5F566F9A0BFD997303B46A471F06DA1D4FA4096387BDC3EE7C23FFB312713FAF72A8EBE9014D315D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p3..........." ..0...... ........... ... ....... .......................`.......7....`.................................h...O.... ............... ..((...@......L................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\choco.summary.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):843
                                                                                                                                                                                                                                        Entropy (8bit):5.326551920808178
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:sVR897l/aVR897MaEVR897b2o+fo6H3NVB:sn8h4n8hMaEn8hb45XNVB
                                                                                                                                                                                                                                        MD5:BB5E20DCEF14821180CE6F7DED612861
                                                                                                                                                                                                                                        SHA1:A0A14ADFDC5BAB828C7CD3D3A511A708DC828FFD
                                                                                                                                                                                                                                        SHA-256:F2FEA50D8CFAE88ECC43890394B340ABE8032E42CE1BB211D54E9B7A7462CB29
                                                                                                                                                                                                                                        SHA-512:93C51EA4AE9599C171A0228205036ACCFCA8888C664B03C6F1E3BBEADC42F38A8C92952F91633CB091ADD3507E7BAAD1FB00A3C6ABB59A8E5F6F6AFB48F705EE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\choco.summary.log, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:2024-11-08 07:39:26,762 2672 [WARN ] - Directory 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\lib' does not exist...2024-11-08 07:39:27,918 2672 [WARN ] - Enabled allowGlobalConfirmation..2024-11-08 07:39:28,246 2672 [WARN ] - Directory 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\lib' does not exist...2024-11-08 07:39:28,918 2672 [WARN ] - 0 packages installed...2024-11-08 07:39:29,090 2672 [WARN ] - Directory 'C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\lib' does not exist...2024-11-08 07:39:29,543 2672 [INFO ] - Outdated Packages.. Output is package name | current version | available version | pinned?....2024-11-08 07:39:29,934 2672 [WARN ] - ..Chocolatey has determined 0 package(s) are outdated. ..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19616
                                                                                                                                                                                                                                        Entropy (8bit):5.424897290240988
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:H03C5CzzhdItHcAI3C5CzzhdftH4Ay1C5CzzydftH4A09:U3C5Czz93C5Czze1C5CzzZ
                                                                                                                                                                                                                                        MD5:A8475618D6A35411139700B046A2FEB4
                                                                                                                                                                                                                                        SHA1:554AB2C3580E27F934139C5D421CFE3F01CE15D8
                                                                                                                                                                                                                                        SHA-256:CD083ADE70667B6094C7A8FBA41ABECB93EF1E023DF735CFAB98CE5199DCC5E4
                                                                                                                                                                                                                                        SHA-512:2D2978E84D868725E1350244ECFB871EC0A6853CA9DECC0C033590BA04FA64BCC1A16D1C72F8BE9D09BD684A47DACA3DBA84DB366C3F36F71BF46CBCD5F742A5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:2024-11-08 07:39:22,403 2672 [DEBUG] - XmlConfiguration is now operational..2024-11-08 07:39:22,496 2672 [DEBUG] - Attempting to create directory "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers"...2024-11-08 07:39:22,512 2672 [DEBUG] - Attempting to create directory "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions"...2024-11-08 07:39:23,559 2672 [DEBUG] - Attempting to create directory "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects"...2024-11-08 07:39:23,653 2672 [DEBUG] - Attempting to create directory "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools"...2024-11-08 07:39:24,465 2672 [DEBUG] - Attempting to create directory "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config"...2024-11-08 07:39:26,246 2672 [DEBUG] - Attempting to create direc

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\pcach.cch

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3788), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3788
                                                                                                                                                                                                                                        Entropy (8bit):5.59285321605242
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:23atis3I25ghNMDulMHMdl/HM7l/H0trAI8e6hmri:23atis3/5gHkulMHsdH+dH0FAe6hmri
                                                                                                                                                                                                                                        MD5:46E2CBAD5063A551E0B3EBE78369D7EE
                                                                                                                                                                                                                                        SHA1:0A0BA7FD13FA7CD8264073CF49E2F2022CBF2154
                                                                                                                                                                                                                                        SHA-256:77E992FC580274184FCA4FB8CCF5F17AECAAC5E4C68979D2CB766BC1C9695DB4
                                                                                                                                                                                                                                        SHA-512:E8E338469234EFDC1AB000CEBD7FB6CA8590D6EE1D76C92590048946BB2CAEDFA0A37849AB3F8D32819F6FC9EDD34CA1A3CEE67659E83A021BAF898EE8E97B24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:eyJJbnN0YWxsZWRBcHBzIjpbeyJSZW1vdmVhYmxlIjp0cnVlLCJOYW1lIjoiNy1aaXAgICh4NjQpIiwiVmVyc2lvbiI6IjIzLjAxIiwiSW5zdGFsbGVkT24iOiIyMDIzLTEwLTAzVDA2OjUxOjI4LjQ1NTM0NzMtMDQ6MDAiLCJQdWJsaXNoZXIiOiJJZ29yIFBhdmxvdiIsIlNpemVJbkJ5dGVzIjo1Nzg5Njk2LCJBdmFpbGFibGVWZXJzaW9uIjpudWxsLCJTdGF0dXMiOiJJbnN0YWxsZWQiLCJUaGlyZFBhcnR5TmFtZSI6bnVsbH0seyJSZW1vdmVhYmxlIjp0cnVlLCJOYW1lIjoiQWRvYmUgQWNyb2JhdCAoNjQtYml0KSIsIlZlcnNpb24iOiIyMy4wMDYuMjAzMjAiLCJJbnN0YWxsZWRPbiI6IjIwMjMtMTAtMDNUMDA6MDA6MDAiLCJQdWJsaXNoZXIiOiJBZG9iZSIsIlNpemVJbkJ5dGVzIjo2MjY3NDUzNDQsIkF2YWlsYWJsZVZlcnNpb24iOm51bGwsIlN0YXR1cyI6Ikluc3RhbGxlZCIsIlRoaXJkUGFydHlOYW1lIjpudWxsfSx7IlJlbW92ZWFibGUiOmZhbHNlLCJOYW1lIjoiQXRlcmFBZ2VudCIsIlZlcnNpb24iOiIxLjguNy4yIiwiSW5zdGFsbGVkT24iOiIyMDI0LTAyLTI4VDEwOjUyOjA0LTA1OjAwIiwiUHVibGlzaGVyIjoiQXRlcmEgbmV0d29ya3MiLCJTaXplSW5CeXRlcyI6NDkyMDA0OCwiQXZhaWxhYmxlVmVyc2lvbiI6bnVsbCwiU3RhdHVzIjoiSW5zdGFsbGVkIiwiVGhpcmRQYXJ0eU5hbWUiOm51bGx9LHsiUmVtb3ZlYWJsZSI6ZmFsc2UsIk5hbWUiOiJHb29nbGUgQ2hyb21lIiwiVmVyc2lvbiI6IjExNy4wLjU5

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\RefreshEnv.cmd

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2340
                                                                                                                                                                                                                                        Entropy (8bit):5.120693108028518
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:WJhzy3v9zec4JksG5A10JZ65RhS9JlqUp7B9nplD6e7B5yg:42V6Q5A1B5C9L/
                                                                                                                                                                                                                                        MD5:B4326546C3A252494DCD512976F8B89A
                                                                                                                                                                                                                                        SHA1:09D10EA0ABDBDE8C2B5BAFE410ED3B96AB0076C8
                                                                                                                                                                                                                                        SHA-256:9B251737A6B6ACE9FDE45B64FD653B04575C6416F15112FBE1697A47B14990E6
                                                                                                                                                                                                                                        SHA-512:E58EDC6DC66A289358E7FDE7C3F1D73A0EE1F7A6DB382DD1318FAA205E12271C081617B8366ECD1FCB3A0BC5A98F4B0F0C389C99A63D9EDF7CE1BD230AC85EC2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:@echo off..::..:: RefreshEnv.cmd..::..:: Batch file to read environment variables from registry and..:: set session variables to these values...::..:: With this batch file, there should be no need to reload command..:: environment every time you want environment changes to propagate....::echo "RefreshEnv.cmd only works from cmd.exe, please install the Chocolatey Profile to take advantage of refreshenv from PowerShell"..echo | set /p dummy="Refreshing environment variables from registry for cmd.exe. Please wait..."....goto main....:: Set one environment variable from registry key..:SetFromReg.. "%WinDir%\System32\Reg" QUERY "%~1" /v "%~2" > "%TEMP%\_envset.tmp" 2>NUL.. for /f "usebackq skip=2 tokens=2,*" %%A IN ("%TEMP%\_envset.tmp") do (.. echo/set "%~3=%%B".. ).. goto :EOF....:: Get a list of environment variables from registry..:GetRegEnv.. "%WinDir%\System32\Reg" QUERY "%~1" > "%TEMP%\_envget.tmp".. for /f "usebackq skip=2" %%A IN ("%TEMP%\_envget.tmp") do (

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\choco.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136704
                                                                                                                                                                                                                                        Entropy (8bit):5.174853806484254
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:ED98HpKI6GCLOwstyhZFChcssc56FUrgxvbSD4UQrO2:Y9GpKbShcHUa
                                                                                                                                                                                                                                        MD5:DDD072DBD2267BCB3081340E57ED092B
                                                                                                                                                                                                                                        SHA1:04EC398A1DE53DC960A882363A528E162350C57C
                                                                                                                                                                                                                                        SHA-256:460F604144DD93A3794F75C9E09B2676D7AD1295CD92499FAD80ED3C27990F02
                                                                                                                                                                                                                                        SHA-512:2271C5846254EAA7389D23EE0241814D06D34257A7B6D44FE7CBEA14F3ACA5101457FAD934B22D2B9B49F1263BCB4209D8EADC07DB93E2B5E01CCDA5BD6ED2A8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)$/b.................D...........c... ........@.. ....................................@..................................c..S.......X....................`....................................................... ............... ..H............text....C... ...D.................. ..`.rsrc...X............F..............@..@.reloc.......`......................@..B.................c......H....... ...x5...........................................................~....*.......*..(....*..0..%.......r...p..........{#.......{$.....()...*.r%..p*.0..........s+......}#.....}$...rk..p...,...s....((......{#....{$...s.......o......o......o......o......o......o......o........,R(....o....o ....2@rk..p~....-........s.........~....((.....o.....ru..po!.....o....s"...%(......(.....o#...(....o$...&..,.(....o%...(....o&...,.(....o'........,...o(.....*.........=.........(....*..(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\choco.exe.ignore

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:y:y
                                                                                                                                                                                                                                        MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                                                                                                        SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                                                                                                        SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                                                                                                        SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\chocolatey.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):137216
                                                                                                                                                                                                                                        Entropy (8bit):5.162895637606263
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:KMU90HpKOrGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2:K59OpKgShcHUa
                                                                                                                                                                                                                                        MD5:0BCC21AC34291B167EC4D73079EAE085
                                                                                                                                                                                                                                        SHA1:BAEF2A7349E2C6269BBF2C8C6654C492683FC73E
                                                                                                                                                                                                                                        SHA-256:14288199533B10CAD97F5917447979BBC4685F20255AA073EC1BB828D3CF6A2C
                                                                                                                                                                                                                                        SHA-512:9B7CC423E4F27DFF6006425311A6CC39CBA9CB5D3D4966C81FDA21C5907A434B6A748A92B65229A01A65440D8BA2D87D9E8C99CE80E2062569232A10AE74F9BA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*$/b.................F...........c... ........@.. ....................................@..................................c..W.......p....................`....................................................... ............... ..H............text....D... ...F.................. ..`.rsrc...p............H..............@..@.reloc.......`......................@..B.................c......H....... ....5...........................................................~....*.......*..(....*..0..%.......r...p..........{#.......{$.....()...*.r%..p*.0..........s+......}#.....}$...rk..p...,...s....((......{#....{$...s.......o......o......o......o......o......o......o........,R(....o....o ....2@rk..p~....-........s.........~....((.....o.....ru..po!.....o....s"...%(......(.....o#...(....o$...&..,.(....o%...(....o&...,.(....o'........,...o(.....*.........=.........(....*..(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\chocolatey.exe.ignore

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:y:y
                                                                                                                                                                                                                                        MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                                                                                                        SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                                                                                                        SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                                                                                                        SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cinst.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):137216
                                                                                                                                                                                                                                        Entropy (8bit):5.162623164553414
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:1w9mHpKZNGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2:C9UpK7ShcHUa
                                                                                                                                                                                                                                        MD5:55CC3EA23C5430BE7B5A75A52157DA18
                                                                                                                                                                                                                                        SHA1:AB1D482F2B5E7E0DAD31EA18B78D5F8EA849B87D
                                                                                                                                                                                                                                        SHA-256:BE0494DC91E38456E22692F3AB1891C56871FB82A83ADFDC58F8F890141ECEC9
                                                                                                                                                                                                                                        SHA-512:C09E0476E2D1F69A878195A4026954C5D74C0B5318254A60ABC5909F00A60CCE86D49D29BBF1ECAE498BCE0C2FD2551EFEF0FE287DAB7EAD2FE573CCC833CF3E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...+$/b.................F...........d... ........@.. ....................................@..................................c..S.......X....................`....................................................... ............... ..H............text....D... ...F.................. ..`.rsrc...X............H..............@..@.reloc.......`......................@..B.................c......H....... ....5...........................................................~....*.......*..(....*..0..%.......r...p..........{#.......{$.....()...*.r%..p*.0..........s+......}#.....}$...rk..p...,...s....((......{#....{$...s.......o......o......o......o......o......o......o........,R(....o....o ....2@rk..p~....-........s.........~....((.....o.....ru..po!.....o....s"...%(......(.....o#...(....o$...&..,.(....o%...(....o&...,.(....o'........,...o(.....*.........=.........(....*..(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cinst.exe.ignore

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:y:y
                                                                                                                                                                                                                                        MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                                                                                                        SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                                                                                                        SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                                                                                                        SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\clist.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):137216
                                                                                                                                                                                                                                        Entropy (8bit):5.162059784215363
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:YE9tHpKrvGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2:795pK7ShcHUa
                                                                                                                                                                                                                                        MD5:4E2DC776C653ADBEBCF5DB16AB53296E
                                                                                                                                                                                                                                        SHA1:290457CFC7EC45A493CCEACD2CA24A47237494C1
                                                                                                                                                                                                                                        SHA-256:2DCB2236BB84AE42F4395E72EC67A22CBE0E68ADA4F80FABD7141B5B3D4E7985
                                                                                                                                                                                                                                        SHA-512:533B424AFD7E5BF831BB72164D91B663A2368D458A3EFFFF7062A15D1AB77585C087FA5A5471D3530CCF30309AC30C35EAA4A9168A350071A64E912E15012311
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,$/b.................F...........c... ........@.. ....................................@..................................c..O.......X....................`....................................................... ............... ..H............text....D... ...F.................. ..`.rsrc...X............H..............@..@.reloc.......`......................@..B.................c......H....... ....5...........................................................~....*.......*..(....*..0..%.......r...p..........{#.......{$.....()...*.r%..p*.0..........s+......}#.....}$...rk..p...,...s....((......{#....{$...s.......o......o......o......o......o......o......o........,R(....o....o ....2@rk..p~....-........s.........~....((.....o.....ru..po!.....o....s"...%(......(.....o#...(....o$...&..,.(....o%...(....o&...,.(....o'........,...o(.....*.........=.........(....*..(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\clist.exe.ignore

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:y:y
                                                                                                                                                                                                                                        MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                                                                                                        SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                                                                                                        SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                                                                                                        SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):137216
                                                                                                                                                                                                                                        Entropy (8bit):5.162082250130723
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:GI9KHpKHDGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2:l9QpKjShcHUa
                                                                                                                                                                                                                                        MD5:76385C4CF0842546103EDD75662BDAD7
                                                                                                                                                                                                                                        SHA1:BC42B5817E6BB3568CC6D7C0BD2B03E8B723024B
                                                                                                                                                                                                                                        SHA-256:67EB4084D0BD361C42FFD7AF025167BAFCE8496A35CA6616945E0942386C6424
                                                                                                                                                                                                                                        SHA-512:BAB9B5AE9B89697A7FA83D0D29A4DB0B777F126EEC8DF3BAE9B009AF9A0D556BB79BF2DCED1D26C7A8E900AC5AA7DDE07CEC334DA6418925F352554383F77EC2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$/b.................F...........c... ........@.. ....................................@..................................c..O.......X....................`....................................................... ............... ..H............text....D... ...F.................. ..`.rsrc...X............H..............@..@.reloc.......`......................@..B.................c......H....... ....5...........................................................~....*.......*..(....*..0..%.......r...p..........{#.......{$.....()...*.r%..p*.0..........s+......}#.....}$...rk..p...,...s....((......{#....{$...s.......o......o......o......o......o......o......o........,R(....o....o ....2@rk..p~....-........s.........~....((.....o.....ru..po!.....o....s"...%(......(.....o#...(....o$...&..,.(....o%...(....o&...,.(....o'........,...o(.....*.........=.........(....*..(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:y:y
                                                                                                                                                                                                                                        MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                                                                                                        SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                                                                                                        SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                                                                                                        SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cuninst.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):137216
                                                                                                                                                                                                                                        Entropy (8bit):5.163276282537277
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:pS791HpKIqGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2:pO9xpKbShcHUa
                                                                                                                                                                                                                                        MD5:5C9628C46256D0F6B14DE2168CBED8CC
                                                                                                                                                                                                                                        SHA1:B7284385B0076623B76EC3FB2398B5EE8F3B9F85
                                                                                                                                                                                                                                        SHA-256:354C3758A1F9E5A39E7292E9CCA353F815358977B3CC9A704BCEAB257AC6C24C
                                                                                                                                                                                                                                        SHA-512:84886CF1632EFA70D8023F99A663E809422DFCC1C566793EF52078551DA105BFF1B2F9D54E197D8CCE53C3C725226635D623D9D539B5BFD4C17C802286EFADB4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../$/b.................F...........d... ........@.. ....................................@..................................c..W.......`....................`....................................................... ............... ..H............text...$D... ...F.................. ..`.rsrc...`............H..............@..@.reloc.......`......................@..B.................d......H....... ....5...........................................................~....*.......*..(....*..0..%.......r...p..........{#.......{$.....()...*.r%..p*.0..........s+......}#.....}$...rk..p...,...s....((......{#....{$...s.......o......o......o......o......o......o......o........,R(....o....o ....2@rk..p~....-........s.........~....((.....o.....ru..po!.....o....s"...%(......(.....o#...(....o$...&..,.(....o%...(....o&...,.(....o'........,...o(.....*.........=.........(....*..(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cuninst.exe.ignore

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:y:y
                                                                                                                                                                                                                                        MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                                                                                                        SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                                                                                                        SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                                                                                                        SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cup.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):137216
                                                                                                                                                                                                                                        Entropy (8bit):5.162239721051707
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:TR9vHpKmEGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2:F9/pKvShcHUa
                                                                                                                                                                                                                                        MD5:8783ED37D6871AE20E4A65A655788A7E
                                                                                                                                                                                                                                        SHA1:C42F5B032CF27FFC36869C22D5BE0363AC2E5AF4
                                                                                                                                                                                                                                        SHA-256:5AFEF49A1BB85ED16EE7EF08D9ED694F166A9500701728770E50E92978566C5B
                                                                                                                                                                                                                                        SHA-512:1FE424147DBAD7978F0C856D152F3236685C52DBCA5DD6AB7A03E5D1B8A08566FDF4574C4704FBEDF286A4C13B354D771E25D1B725D55578C14E9EAB2D8F9898
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0$/b.................F...........d... ........@.. ....................................@..................................c..W.......P....................`....................................................... ............... ..H............text....D... ...F.................. ..`.rsrc...P............H..............@..@.reloc.......`......................@..B.................c......H....... ....5...........................................................~....*.......*..(....*..0..%.......r...p..........{#.......{$.....()...*.r%..p*.0..........s+......}#.....}$...rk..p...,...s....((......{#....{$...s.......o......o......o......o......o......o......o........,R(....o....o ....2@rk..p~....-........s.........~....((.....o.....ru..po!.....o....s"...%(......(.....o#...(....o$...&..,.(....o%...(....o&...,.(....o'........,...o(.....*.........=.........(....*..(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cup.exe.ignore

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:y:y
                                                                                                                                                                                                                                        MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                                                                                                        SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                                                                                                        SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                                                                                                        SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7z.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1167872
                                                                                                                                                                                                                                        Entropy (8bit):6.603432444128302
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:Gxb5vMX35l5UVrIdhcMEKWnttf7eePboHvVxSfOtl:GxbSz5UVrIdhnW1Pc96Otl
                                                                                                                                                                                                                                        MD5:0DCE103B0102ADEC3279797665B7A4AE
                                                                                                                                                                                                                                        SHA1:C121392BAB6DBA8D04BEE89C6B526E8E67650CC8
                                                                                                                                                                                                                                        SHA-256:3DB62076E5FCC897FF29DA47FE4029900A4AD696B395B6FA96ACFF1229444C1D
                                                                                                                                                                                                                                        SHA-512:20F0F02097694579AC8794D56411FBE2D97C47D37794CB52AFDABC9956C0452E8A3BB273ED34E463F31927E29E7E41C0FDDB82FBBE688DD39C4113C00EC91BC9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l...(x.(x.(x.Gg.+x..d.!x.Gg.,x.Gg.*x..p..)x.(x.@x..p../x..^..x..^.*x.3.z..x....-x..~.)x..X.)x.Rich(x.........PE..L...`u.a...........!.........~.......>....................................................@.............................y.......d........{......................P.......................................................D............................text............................... ..`.rdata..............................@..@.data...............................@....sxdata......p......................@....rsrc....{.......|..................@..@.reloc...............@..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7z.dll.manifest

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):513
                                                                                                                                                                                                                                        Entropy (8bit):4.971000586893018
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdt43O5GgVNSSN/aN/2UjMNciq2xA5NEG:2dt4+GgBNCNFjMyisD
                                                                                                                                                                                                                                        MD5:8F89387331C12B55EAA26E5188D9E2FF
                                                                                                                                                                                                                                        SHA1:537FDD4F1018CE8D08A3D151AD07B55D96E94DD2
                                                                                                                                                                                                                                        SHA-256:6B7368CE5E38F6E0EE03CA0A9D1A2322CC0AFC07E8DE9DCC94E156853EAE5033
                                                                                                                                                                                                                                        SHA-512:04C10AE52F85D3A27D4B05B3D1427DDC2AFACCFE94ED228F8F6AE4447FD2465D102F2DD95CAF1B617F8C76CB4243716469D1DA3DAC3292854ACD4A63CE0FD239
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="7z" processorArchitecture="*" type="win32" />.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7z.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):331776
                                                                                                                                                                                                                                        Entropy (8bit):6.512244761259412
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:J5lqo52kDzMYDJSi7+Ni2ER9Vh98+1PrEVhkQf0huIDaLOjm:JMqzBDJkk2ERvT8MPAf/O6
                                                                                                                                                                                                                                        MD5:7187AE605F4DCE14BB23EA2623956335
                                                                                                                                                                                                                                        SHA1:F7C1DF33B875C98F41DCDE24117D89D42D25B7CE
                                                                                                                                                                                                                                        SHA-256:9E2631C19B243C28B0980607CED2540E9447B1166572483475547C1A9DD4AC0E
                                                                                                                                                                                                                                        SHA-512:F64522E2FB6BB61884FE53C34E79B355EFB9EC33C02B2CD67D729AF7D763E7B3873A5C7CE6AC7BB4567E6BCF8C70CADBC66F511E8BB151AB05096A832032BC8F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@..|...|...|...p...|...w...|.d.r...|...v...|...x...|.i.#...|...}.|.|.d.!...|...w...|..V....|...v...|.......|. .z...|.Rich..|.........PE..L...`u.a.....................<......<.............@..........................p............@.....................................x.... .......................0...2......................................................(............................text...r........................... ..`.rdata..b...........................@..@.data....'..........................@....sxdata.............................@....rsrc........ ......................@..@.reloc...<...0...>..................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7z.exe.manifest

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):513
                                                                                                                                                                                                                                        Entropy (8bit):4.971000586893018
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:TMHdt43O5GgVNSSN/aN/2UjMNciq2xA5NEG:2dt4+GgBNCNFjMyisD
                                                                                                                                                                                                                                        MD5:8F89387331C12B55EAA26E5188D9E2FF
                                                                                                                                                                                                                                        SHA1:537FDD4F1018CE8D08A3D151AD07B55D96E94DD2
                                                                                                                                                                                                                                        SHA-256:6B7368CE5E38F6E0EE03CA0A9D1A2322CC0AFC07E8DE9DCC94E156853EAE5033
                                                                                                                                                                                                                                        SHA-512:04C10AE52F85D3A27D4B05B3D1427DDC2AFACCFE94ED228F8F6AE4447FD2465D102F2DD95CAF1B617F8C76CB4243716469D1DA3DAC3292854ACD4A63CE0FD239
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="7z" processorArchitecture="*" type="win32" />.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">.. <requestedExecutionLevel level="asInvoker" uiAccess="false" />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7zip.license.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1927
                                                                                                                                                                                                                                        Entropy (8bit):4.78095675693374
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:aCpXZHRo7dL53iEu+byAHsv7g6z0zBZfNP3VyFA:dlq7XTu+xCz0NxxVwA
                                                                                                                                                                                                                                        MD5:899A48828B85C4B0402EE7CF1F65B62B
                                                                                                                                                                                                                                        SHA1:73BA604E5A4E4EA6FB4AD23B8ADF3982B2C82D10
                                                                                                                                                                                                                                        SHA-256:20343526E04CE61EED2675282462E7080D305246F7807386621149C2025765D9
                                                                                                                                                                                                                                        SHA-512:EFD02998961261FFA64332EA13876906D55A8BD8209BF94F922D97889DDF1181129B6A08E5747F1C0A07E69CFC3A05E86D18AFC3E06325B51598F52360881B1B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview: 7-Zip.. ~~~~~.. License for use and distribution.. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.... 7-Zip Copyright (C) 1999-2016 Igor Pavlov..... Licenses for files are:.... 1) 7z.dll: GNU LGPL + unRAR restriction.. 2) All other files: GNU LGPL.... The GNU LGPL + unRAR restriction means that you must follow both .. GNU LGPL rules and unRAR restriction rules....... Note: .. You can use 7-Zip on any computer, including a computer in a commercial .. organization. You don't need to register or pay for 7-Zip....... GNU LGPL information.. --------------------.... This library is free software; you can redistribute it and/or.. modify it under the terms of the GNU Lesser General Public.. License as published by the Free Software Foundation; either.. version 2.1 of the License, or (at your option) any later version..... This library is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABI

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29184
                                                                                                                                                                                                                                        Entropy (8bit):5.423222213276874
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:02aUriLtuRZFwdpyTmNSHSBLVogO6QlRSO/:1r0ARZF6NFVogjQlRv/
                                                                                                                                                                                                                                        MD5:5CA71CBFF5A8DE7E5E30B6E94CD42069
                                                                                                                                                                                                                                        SHA1:991701A32492D743430627CBFBD56D6884C32588
                                                                                                                                                                                                                                        SHA-256:23FBD1EE66FCE6872E97B2FE84C409AB30A74FE8720B722BC6F8BAE6E7764C04
                                                                                                                                                                                                                                        SHA-512:77E31EC0DCA4E4895D3A4C0E84C6C1516D94089763F1735CAC150EFCD4EEC36107BB810E24D94C1208B7A80881D858DBFE887B32DA6F6D8F0C48F21C2525D0BE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......X.................f..........n.... ........@.. ....................................@................................. ...K.................................................................................... ............... ..H............text...te... ...f.................. ..`.rsrc................h..............@..@.reloc...............p..............@..B................P.......H.......8<...H......u...........P ......................................h.Mk_F!..D........%..............O...T.....7..u#..[h..T]..^....u.2yC.n........}..?)K.?!@.....3k+.....{.u.@.!q....|....$..f.s!...}.....(".....}....*:.{......o....*2.{....o....*2.{....o....*2.{....o#...*2.{....o$...*..*6.{.....o%...*6.{.....o&...*:.{......o'...*6.{.....o(...*F.{....o)........*F.{....o)........*6.{.....o....*6.{.....o....*6.{.....o....*:.{......o....*6.{.....o....*6.{.....o....*..*"..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):150
                                                                                                                                                                                                                                        Entropy (8bit):4.731888600769331
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:vFWWMNHU8LdgCQcIMOofoObWNRXGws8FLu+gNlFueRObK4QIMOn:TMVBd1IGPKNxgUaNNu5W4QIT
                                                                                                                                                                                                                                        MD5:E9AD5DD7B32C44F8A241DE0E883D7733
                                                                                                                                                                                                                                        SHA1:034C69B120C514AD9ED83C7BAD32624560E4B464
                                                                                                                                                                                                                                        SHA-256:9B250C32CBEC90D2A61CB90055AC825D7A5F9A5923209CFD0625FCA09A908D0A
                                                                                                                                                                                                                                        SHA-512:BF5A6C477DC5DFEB85CA82D2AED72BD72ED990BEDCAF477AF0E8CAD9CDF3CFBEBDDC19FA69A054A65BC1AE55AAF8819ABCD9624A18A03310A20C80C116C99CC4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <enforceFIPSPolicy enabled="false"/>.. </runtime>..</configuration>

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.license.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95
                                                                                                                                                                                                                                        Entropy (8bit):4.721635609555772
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:SZdFVJMXLreqXy1Wfardzl7BZyOX35++n:Sls/t+WfKj+OXV
                                                                                                                                                                                                                                        MD5:A10B78183254DA1214DD51A5ACE74BC0
                                                                                                                                                                                                                                        SHA1:5C9206F667D319E54DE8C9743A211D0E202F5311
                                                                                                                                                                                                                                        SHA-256:29472B6BE2F4E7134F09CC2FADF088CB87089853B383CA4AF29C19CC8DFC1A62
                                                                                                                                                                                                                                        SHA-512:CAE9F800DA290386DE37BB779909561B4EA4CC5042809E85236D029D9125B3A30F6981BC6B3C80B998F727C48EB322A8AD7F3B5FB36EA3F8C8DD717D4E8BE55E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:CheckSum is licensed as Apache v2 - https://raw.github.com/ferventcoder/checksum/master/LICENSE

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):565672
                                                                                                                                                                                                                                        Entropy (8bit):5.0581002983018335
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hjgGwLGK4Uk0Ycoi6DdP51S2XI5cgGlKFTvr5pgx1v9/oLUmP9nVy:h7wj4kYcopdPm2ac8+1vVmPHy
                                                                                                                                                                                                                                        MD5:F7B6AA803BE23C3192FCC2058D208F44
                                                                                                                                                                                                                                        SHA1:A9569D1A4948FD33D388BB263B5CFF0D66E3BB34
                                                                                                                                                                                                                                        SHA-256:D489923F1F91954B8AA15CD0E763132B9033780481D850D74395F5AB6E266C7C
                                                                                                                                                                                                                                        SHA-512:7FD6E1B291503AC9A67128BAC2D6C8F21B40CE9DE99E015866FC62C79CBBAFCD25F3F43A0EB77A00B20C1D6BE9504E85458D503647BF2CF93BC71DAFB64AF122
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$./b.................x............... ........@.. ....................................@.................................(...W.................................................................................... ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc..............................@..B................d.......H.......LX...=......8........@..........................................z.(......}.....(/...o0...}....*..*...0..)........{......E............?...Z...|....................*..}..... .>-.}......}.....*..}......{.... Z...a}......}.....*..}..... ?w*.}......}.....*..}......{.... Z...a}......}.....*..}..... H...}......}.....*..}......{.... ...a}......}.....*..}..... L...}......}.....*..}..... ...F}......}.....*..}.....*.....{....*.s1...z.2.{.....i...*....0..<........{......3..{....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.license.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3758
                                                                                                                                                                                                                                        Entropy (8bit):4.882012677800436
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:wwVl/ldfbBaq9k4KM8da2J7LbyM71wKPC/:rVl/ldfsn4KM8daU7LP5wn/
                                                                                                                                                                                                                                        MD5:89AC7C94D1013F7B3E32215A3DB41731
                                                                                                                                                                                                                                        SHA1:1511376E8A74A28D15BB62A75713754E650C8A8D
                                                                                                                                                                                                                                        SHA-256:D4D2EF2C520EC3E4ECFF52C867EBD28E357900E0328BB4173CB46996DED353F4
                                                                                                                                                                                                                                        SHA-512:9BA2B0029E84DE81FFEF19B4B17A6D29EE652049BB3152372F504A06121A944AC1A2B1B57C6B0447979D5DE9A931186FEF9BD0667D5358D3C9CB29B817533792
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:Shim Generator - shimgen.exe..Copyright (C) 2017 - Present Chocolatey Software, Inc ("CHOCOLATEY")..Copyright (C) 2013 - 2017 RealDimensions Software, LLC ("RDS")..===================================================================..Grant of License..===================================================================..ATTENTION: Shim Generator ("shimgen.exe") is a closed source application with..a proprietary license and its use is strictly limited to the terms of this ..license agreement.....RealDimensions Software, LLC ("RDS") grants Chocolatey Software, Inc a revocable, ..non-exclusive license to distribute and use shimgen.exe with the official ..Chocolatey client (https://chocolatey.org). This license file must be stored in ..Chocolatey source next to shimgen.exe and distributed with every copy of ..shimgen.exe. The distribution or use of shimgen.exe outside of these terms ..without the express written permission of RDS is strictly prohibited.....While the source for shimgen.exe is

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1185456
                                                                                                                                                                                                                                        Entropy (8bit):7.999660178690134
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:Ssoja9MaLduouhVlf0tyv29r1+IdjkaCgs54gvUokF4fEFBb:HoFOJuhV+tyor1+I+aqdM2MFBb
                                                                                                                                                                                                                                        MD5:6C6F85E896655A6EB726482F04C49086
                                                                                                                                                                                                                                        SHA1:2E0C55CD4894117428B34D21A1D53738FCE4B02C
                                                                                                                                                                                                                                        SHA-256:E109400A93FEDE90201BBF37C1868C789888BCE9D03A4AE5B46C48599939C34E
                                                                                                                                                                                                                                        SHA-512:B58303C149DEFFC9E374D5BA42A8A73B7CE890D35F9589FE0B09ACEC541A21D589D49FA5086B965277FA22DFE308357505124F13A6FF1E0DE415EBC40CE61E15
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-.....J9rX...........=...AgentPackageRuntimeInstaller/AgentPackageRuntimeInstaller.exe....0........g.........^ ....,/_.U. *t....H......Z.X..x#...?....(/.EH.....r.l#.6.......76.b....u',4%.Y.br....W..VcO..[b/.....(....."I..u..S*....../.x...j.5.<b......n.v0.. z'M.....w.. ..qu.<...w...[...9....F...D..+....o....!..1I...^=H1.{.:=\...#V.]...1..)F.s":$.g.H.p.'^....K.F...3..}.......[J....xD.........._RB...... \=b.<.u 1k.Y....&.X.).`>M9.$H.].>t..^..!....}_.H.....h....uT.q..cJE.M... .QG..+?.gZM...G.9x.T.q..U..... X.s.....{....F.G$..$.A.n..jz]=.qi!U..4.>.e.7"..].O.F..XdciK..d_0..H..7rHd.jj.L.v6.< ........2.8....8.mc_.(!...\u...mY.........tv.e..,'..E......l..s`... s...W.Sx9b..Dnc...!0_..T.y..%r..{..E;....v"ce.K....{...).B....:N.H$..h..F.......Y.8k.....M....~9..X-M....f>~t..*#..R......6M....f....>-b.....W. .S.WO.c".>.....+iR..w~.u...6../..J..^&...K.BcQ.Fy....<.O.......P..y..#5:l.4.......~........g.:W...1.p7...K...n{.9~..c.h......NT.5...w........?_>XJ..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):55344
                                                                                                                                                                                                                                        Entropy (8bit):6.139210251385105
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:N2Xj3YqBmARWhNqjxcVqnOvdBsqW/BCiFl0scb/MV7Hx/:wX5BqSBjb0tb/MVJ
                                                                                                                                                                                                                                        MD5:77C613FFADF1F4B2F50D31EEEC83AF30
                                                                                                                                                                                                                                        SHA1:76A6BFD488E73630632CC7BD0C9F51D5D0B71B4C
                                                                                                                                                                                                                                        SHA-256:2A0EAD6E9F424CBC26EF8A27C1EED1A3D0E2DF6419E7F5F10AA787377A28D7CF
                                                                                                                                                                                                                                        SHA-512:29C8AE60D195D525650574933BAD59B98CF8438D47F33EDF80BBDF0C79B32D78F0C0FEBE69C9C98C156F52219ECD58D7E5E669AE39D912ABE53638092ED8B6C3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.................. ........@.. ....................... ......o7....`.................................X...O.......L...............0(..............8............................................ ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc..............................@..B........................H........K..|v...........................................................0..........s....(......%.-..( ...+..(!...}\.........s....s......o...+o.....=.r...p(.....(....(.....(....o....r?..p(.....(.......,..o ....*.......4..A.3......4.@t.......0..8.......(!...("...(!...(#...($...(!...o%...($...(!...o&.....&..*........44........('...*..{....*..{....*..{....*..{....*..{....*..('.....}......}.......}.......}......}....*......s....*......s....*......s....*......s....*V.('.....}.....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2010
                                                                                                                                                                                                                                        Entropy (8bit):5.013965898836397
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3rrb7O7Rgdp+1/gYoSagFsg+w3Sg+Cag+XgjdgDt:7rne4wCNj
                                                                                                                                                                                                                                        MD5:0B17B3BE9B3A6F6879998D280941DE55
                                                                                                                                                                                                                                        SHA1:EDE825B51EE11AF7C9221DCE596BB969CD068529
                                                                                                                                                                                                                                        SHA-256:1D69336E421C535CECF2E0326BE39B44EEC8EA39754AC8E855D8E0368E0F4619
                                                                                                                                                                                                                                        SHA-512:06D9CC03B8F7295A6E02376159EA96A83CAED4B584769370C0BF365B25D29C883BA5C8359CFEB7316D13C93B49FD37CCA267F6E7931220CED71435E1F4B639C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.14.0.17971" newVersion="2.14.0.17971" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <d

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11
                                                                                                                                                                                                                                        Entropy (8bit):3.459431618637298
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhUnn:Wu
                                                                                                                                                                                                                                        MD5:5EDA46A55C61B07029E7202F8CF1781C
                                                                                                                                                                                                                                        SHA1:862EE76FC1E20A9CC7BC1920309AA67DE42F22D0
                                                                                                                                                                                                                                        SHA-256:12BF7EB46CB4CB90FAE054C798B8FD527F42A5EFC8D7833BB4F68414E2383442
                                                                                                                                                                                                                                        SHA-512:4CF17D20064BE9475E45D5F46B4A3400CDB8180E5E375ECAC8145D18B34C8FCA24432A06AEEC937F5BEDC7C176F4EE29F4978530BE20EDBD7FED38966FE989D6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=1.6

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):93232
                                                                                                                                                                                                                                        Entropy (8bit):6.195903304850222
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:zSvbne0Q41qJ3n8JMW+0KcBLQhZV5M+5Nn0komH7yAfRS7Hx9:zS8UMW+BV5M+5Nn0kom/RS3
                                                                                                                                                                                                                                        MD5:B969BFF44179BF8A3584EEB9E026CAE1
                                                                                                                                                                                                                                        SHA1:DBA7A528F51870B89AED549E81EF0660F43B2943
                                                                                                                                                                                                                                        SHA-256:5EE05D3796AB12ECF7F2D32D48D41D2A2A3FD257AD8456A0EBD5E6019492ECF1
                                                                                                                                                                                                                                        SHA-512:F0643905258D2C09CA0A6C30A0A9AD5AD2FE184A65B7FFA5B7B731FEE8357672B35246626A10B39DF7C18EF1B75328192495685DDF9CD2F524E913D6A2993E18
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c.........." ..0..:..........^X... ...`....... ....................................`..................................X..O....`..8............D..0(...........V............................................... ............... ..H............text...d8... ...:.................. ..`.rsrc...8....`.......<..............@..@.reloc...............B..............@..B................@X......H.......|f..X............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tM...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.CommonLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95280
                                                                                                                                                                                                                                        Entropy (8bit):5.998418289121845
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6iLY8I1pq2jBTn9kbf0KNGVIYMcoS1JkEX5g7HxlF:/Z0PMcjrgF
                                                                                                                                                                                                                                        MD5:3AB0B86F5D058374AC789F05FB6C6E81
                                                                                                                                                                                                                                        SHA1:4C8142A6EA10F48735429B125ADC278178FA0082
                                                                                                                                                                                                                                        SHA-256:5F773968BD0501D91C4AE1339D248B4F766C39885B35088953AFB1BE6FBCC4E8
                                                                                                                                                                                                                                        SHA-512:1A6CC62361FDD20A99D9551E677269D9D67B6F4B66C09083E07AE5732C23FFE15A5E687437A16A27896A19DECEB9F23D7614B6CC44445C365E3A59DED1AEE6E2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..B..........R`... ........... ..............................P.....`.................................._..O....................L..0(..........(_..8............................................ ............... ..H............text...X@... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B................3`......H........h................................................................(......}......}.......}.......}........o=...}....*..{....*>.{....o.......*v.{....o...........s....(...+*...0..<........{....o.....{....#.......@(....o.....{......o........&.....*........55........{....o.....{....#.......@(....o.....{......o....*..0..$........(......`...%..".o......{.....o....*Z.(....r...po!...o....*..{....o0...r...p.(....(....o&...*6..(....o....*..{....*..{....*.s....z.s....z.s....z.s..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.Exceptions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16432
                                                                                                                                                                                                                                        Entropy (8bit):6.6559468525212
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:wXh+/DtYchNyby2sE9jBF6IYiYF8pA5K+oCGUHFeFl55qz:wXh+tYmNyb8E9VF6IYinAM+oCaF5qz
                                                                                                                                                                                                                                        MD5:8E2D0F47E477FAE8132492A31B26F1B3
                                                                                                                                                                                                                                        SHA1:6C3EB7CB1D5E942DC6A62767A701D201E2F69CE1
                                                                                                                                                                                                                                        SHA-256:7C8CD3B61286AAC09534541EDBFF10618938236830167581BD3E922CA55A1456
                                                                                                                                                                                                                                        SHA-512:B40EA70361F5AFCCB3DC41D38A4F302AEE00B9AAC206AD2DFBD1591A7722AF732BC820C3C66EA3BC0816D4C98E364D1345077EDC786ED19135659AC91E0CFC06
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T............." ..0.............v,... ...@....... ....................................@.................................",..O....@..(...............0(...`......H+..8............................................ ............... ..H............text...|.... ...................... ..`.rsrc...(....@......................@..@.reloc.......`......................@..B................V,......H........ ..d...........................................................&...(....*6.r...p.(....*..(....*..(....*"..(....*. ....*.r-..p*..(....*"..(....*. ....*.r...p*..(....*"..(....*. .*..*.r...p*. ....*.rN..p*..(....*.BSJB............v2.0.50727......l.......#~......<...#Strings....D...$...#US.h.......#GUID...x.......#Blob...........G..........3......................................................................f.....F...........n.................M...........2...........Z.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.ModelsV3.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):75312
                                                                                                                                                                                                                                        Entropy (8bit):6.23943595769723
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Tu2lKxktXgl4icipJNz671/nVYWREDnAvk2jkbukZmyJsldySMcAn9fG1EcfgrYH:KF+qo7mDEwj4NXLGcfgruFcg7HxRt
                                                                                                                                                                                                                                        MD5:D5B69F2C4F5CB0E7D43D7F6C1C87DC7E
                                                                                                                                                                                                                                        SHA1:98FDA78C049D650E47C17D9072E82D87C1B59E9F
                                                                                                                                                                                                                                        SHA-256:6C1325D183C7CC3E516628921005F18BB5A191B0029AF93DFB022CA4C2ABBAE9
                                                                                                                                                                                                                                        SHA-512:D95C5CD5E9DAC57FA9C5DE8645F637363A5E787A8C521B09BFBEA56D01765F4FC31E4080BDCAD28BBD90FDB9BEE1CAB50E95FF13CFAC728405D87C3EFE3A387B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6............" ..0.............F.... ... ....... .......................`.......w....`.....................................O.... ..................0(...@..........T............................................ ............... ..H............text...L.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................%.......H.......t<..`.............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*...0...........(.....(.....o....(....*.0...........(.....(.....o....(...+*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..(..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.Utils.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):52272
                                                                                                                                                                                                                                        Entropy (8bit):6.4113040933608225
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:TQMnML8f1VNPa7fb8LRaIzlRK/usybUjuUY0vZKE8tcqPqZw+I39Wu1FEpYinAMU:T9ML8LW/usybGYVE8mZw+89Wu1e7Hxav
                                                                                                                                                                                                                                        MD5:94B12931B9032E80157DC27422393FEC
                                                                                                                                                                                                                                        SHA1:2B762FCA27538B55ACF736F7D65E293E5F15EAEA
                                                                                                                                                                                                                                        SHA-256:746AD9902D9310CC2F172736AC156018ECD3843BA58C8337DE017074B06CD645
                                                                                                                                                                                                                                        SHA-512:D943A39FDD74627514818DAF3434BD1ABEB4EE10077E8B10414098DDA2972851795A15CBD4CAD73A67D5171446E4A6D844CDF8BD705E72F34B7DA16678097BE9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&............." ..0.................. ........... ...................................`.................................>...O.......4...............0(..........t...T............................................ ............... ..H............text........ ...................... ..`.rsrc...4...........................@..@.reloc..............................@..B................r.......H........E...s...........................................................0..........(.....o.....s........s............io........,...o.......jo....s....&.o.....P.........io ...&..i.X.P..........i(!.....i(".......(!....(#...*.........*.......0.._........($....s.......(%........i.Yo.....P......jo......s&.......io ...&(........io'.......,..o......*.........FS........((...*2.~....(....*....0...........()...,.r...ps*...z.()...,.r...ps*...z.....~....s+....s,.......o-....[o....o/...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Microsoft.ApplicationInsights.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):398896
                                                                                                                                                                                                                                        Entropy (8bit):6.1343664856235245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:5jS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/ZmvM:5+e55LgIkTmyAAfTnMLvM
                                                                                                                                                                                                                                        MD5:FACA1B5218F8EB76963366A6842E122D
                                                                                                                                                                                                                                        SHA1:41B281ABA7D7FE994EE6C77F7F71042885919EC0
                                                                                                                                                                                                                                        SHA-256:D779F3514666734455B5B2B7AEB035F7E1D7394CD445E332DD4D236E24D5C94E
                                                                                                                                                                                                                                        SHA-512:8F350CB3D0C13A701C67749E103B1E07EE1E2EF8EFE71B70CC728F8E21DC02922BAB241CA256695DAC9B225D450623E9F8DA055EA062E336D7F1CD9D2A3FB6D9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`............`.................................v...O.... ..................0(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........P...................$.........................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. S]G. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0...........r...p......%..{)....................-.q.............-.&.+.......o2....%..{*....................-.q.............-.&.+.......o2....(3...*..{4...*..{5...*..{6...*..{7...*..(+.....}4.....}5.....}6......}7...*....0..k........u......,_(,

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\NLog.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1409
                                                                                                                                                                                                                                        Entropy (8bit):4.992215339808616
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:2dNQjY8L2PRRkMYaWcvJ9AwcPGnJg8vQpyriEWZoEs4h:cb8MRRkMVB9AwVbIQdsoEf
                                                                                                                                                                                                                                        MD5:766E089F9AF0DAD5BFD8B77167D1E0FD
                                                                                                                                                                                                                                        SHA1:0AD55E6BA596EFEB24867DC9FDCE4B3D2F2D904F
                                                                                                                                                                                                                                        SHA-256:1D95ED644BB7D706E5B8EBDCB875B23F8B21C62C53C701EB8B3385F770808D7E
                                                                                                                                                                                                                                        SHA-512:FD8ECF32094577A51579911AC3722D839A7B0874146B909EB8DC944CDB5DA459BFCF7EB64B47EC08F40515E6C38B4C4CBA1F4D9F9EB403E891A8710310DBAECA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://www.nlog-project.org/schemas/NLog.xsd NLog.xsd".. autoReload="true".. throwExceptions="false".. internalLogLevel="Off" internalLogFile="c:\temp\nlog-internal.log">.... optional, add some variables.. https://github.com/nlog/NLog/wiki/Configuration-file#variables.. -->.. <variable name="myvar" value="myvalue"/>.... .. See https://github.com/nlog/nlog/wiki/Configuration-file.. for information on customizing logging rules and outputs... -->.. <targets>.... .. add your targets here.. See https://github.com/nlog/NLog/wiki/Targets for possible targets... See https://github.com/nlog/NLog/wiki/Layout-Renderers for the possible layout renderers... -->.... .. Write events to a file with the date in the filename... <target xsi:type="File" na

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\NLog.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):883760
                                                                                                                                                                                                                                        Entropy (8bit):6.071504659955744
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:V1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQJ:V1n1p9LdRN39aQZUqM
                                                                                                                                                                                                                                        MD5:17A183A03C34B8EC1C91B3DD0B50E022
                                                                                                                                                                                                                                        SHA1:7D226520BE51BD71D05D7EB56793233794F87DA4
                                                                                                                                                                                                                                        SHA-256:381278035C5A8A4668D31B12F0BF3DEC6544E9668FED84DA038A8D21D233D72D
                                                                                                                                                                                                                                        SHA-512:AD5591F6B90A07C00F10EF19231BB3C766E9E27C2205AB3A32C15B7D0DE0F732A5600665E4302290C771F06370B23E4FF0AC63E51C1F36899F98CCB6BD5F8C01
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..F..........:d... ........... ...............................;....`..................................c..O....................T..0(.......... c..T............................................ ............... ..H............text....D... ...F.................. ..`.rsrc................H..............@..@.reloc...............R..............@..B.................d......H........%...2...........W.......b......................................"..(....*..(....*"..(....*..(....*..(....*..(....*.(....*"..(....*...0..B.......~..........(b...~....,.~.....oc......+...(......od......,..(e....*........../7......"..(....*6.(.....(....*..0..........(.......of...&.*.(....og...*2(.....oc...*....0..?.......~..........(b...~....,.~.....oc...+...(.....oh...&...,..(e....*.........,4.......0..?.......~..........(b...~....,.~....oi......+...(....oj......,..(e..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.960370699367048
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:hBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUW:hBA/ZTvQD0XY0AJBSjRlXP36RMGj
                                                                                                                                                                                                                                        MD5:53D8AD0BCDED36C2EEBD4D3C45A60BD7
                                                                                                                                                                                                                                        SHA1:9289840CB0518AF183BB41AB05428A6415B92AAE
                                                                                                                                                                                                                                        SHA-256:07A068EF96EE5F447282B42B1818FDFC372B674893E6742A5F83DDBC4DF13ACD
                                                                                                                                                                                                                                        SHA-512:41B19112B6CCE405E16153354223F4AFF548E9F55EDFDC158588E78D9EAA755E10865D7220B916EC14DAB4181C55C005B161B44AC011419EE85EFF5F65975523
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ............`.....................................O.......................0(.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\StructureMap.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):284208
                                                                                                                                                                                                                                        Entropy (8bit):6.11766612253341
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:IZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xHex:Ogo0WPVTXgk
                                                                                                                                                                                                                                        MD5:D1BA01295CAEFA1F00261AAA943FFDBC
                                                                                                                                                                                                                                        SHA1:54BE9D6F121721542E1B563804766592C9EBF14E
                                                                                                                                                                                                                                        SHA-256:F425945B4D1BD5D65776EE4FF4330F33947692EA5E797EDA3103B6E380196BAF
                                                                                                                                                                                                                                        SHA-512:DFFE1F15F635FD9C083B51C66DBE5C5C9B16516B8CA036B262765279FBF01FC521D10AE31288CA3FB5DAD4F8B6E744DDA33FB8698267C40970DCA9409178E067
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....7..........." ..0..$...........C... ...`....... ....................................`..................................B..O....`..D...............0(...........A..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...D....`.......&..............@..@.reloc...............,..............@..B.................B......H.......X~..x.............................................................o...+*..o...+*..(....*n.-..r...p.r...p(<...s=...z*...(.....o>...-.r...p.r)..p(<....s?...z*.0..9..........o@......+$..........(A....oB...(...+,...+...X....i2..*..(D...*....0..n.......sE.....oF......+A.......(...+,/..oG....,.rc..p..oH....oI...(J...sK...z...oL.....X....i2..oM............oN....*..(D...*...0..E........oO....+..oP......oQ......8...,......o....-....,..o.........8.....*.*...........'.......V.-.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Buffers.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22064
                                                                                                                                                                                                                                        Entropy (8bit):6.678784612747097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ty/fjFwUI/KQyVvKdDhG6ISDFWvYW8aoNyb8E9VF6IYinAM+oCOqpx:tuhMaVmzDC67EpYinAMxCJ
                                                                                                                                                                                                                                        MD5:35082EAB5825C9A9D021B5B97BE382B2
                                                                                                                                                                                                                                        SHA1:4716CBD843C8A2A1AA7ED7C95700672E9A863674
                                                                                                                                                                                                                                        SHA-256:B91E3FA4C89230B668EE2DE7D6824DAB708B981F1AE94E734445154BC8A3F6EC
                                                                                                                                                                                                                                        SHA-512:9F0FFB52E060910662AE7AA020AE836119BC609B3E0E9367C7C9D2F2975FC1DDEB1EC1B2F708704C22D666E778B787679BEE5A3CAB5868C09CCB5B57C9026BA2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$...........C... ...`....... ....................................@.................................sC..O....`..@...............0(...........A..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B.................C......H........(.. ........... @..X...xA......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*.~....*2r...p.(....*B.....(.........*..(....*R.....(...+%-.&(....*^.....(.....(...+&~..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):97328
                                                                                                                                                                                                                                        Entropy (8bit):6.2419469146373485
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:3NSbHB6zBedWp71O37rGMsQ5gbDnTE8iayI2Sf+Ku6JhbDEhr4WTJ7HxQ:3N3OWMsQ56vd2s+KuYc9RTJa
                                                                                                                                                                                                                                        MD5:9F59EFE4EE7BFF13F5866311048A6A80
                                                                                                                                                                                                                                        SHA1:1F20929EE2BCC0BE40848CC739C6F31CAD13DA69
                                                                                                                                                                                                                                        SHA-256:32FB947BAD722480938922DC363DB76AB0079383C6D732B4998C302B03D87200
                                                                                                                                                                                                                                        SHA-512:CCCAAF2396AD1307AF0B51B424005BFB350508059CD9CF3E9641D396CCA3EC4C22EFB0329DF0AFD0B3888E07559B6904A0361B85A80A527CD3139161CFF91DAA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0............" ..0..J...........h... ........... ..............................P.....`..................................g..O....................T..0(...........f..T............................................ ............... ..H............text...4I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B.................h......H.......L...............<^.. ...\f........................................{'...*:.((.....}'...*..0..#........u......,.()....{'....{'...o*...*.*v ..yN )UU.Z()....{'...o+...X*....0..:........r...p......%..{'......%q.........-.&.+.......o,....(-...*..{....*:.((.....}....*....0..#........u......,.()....{.....{....o*...*.*v ..:. )UU.Z()....{....o+...X*....0..:........r-..p......%..{.......%q.........-.&.+.......o,....(-...*..{/...*..{0...*V.((.....}/.....}0...*.0..;........u......

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Memory.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):138288
                                                                                                                                                                                                                                        Entropy (8bit):6.17954530016547
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:G3XFz0qjCIPMAxlUXUKoPfw0kG71AHK7cnO:U0qjCSRE+fw0kG719
                                                                                                                                                                                                                                        MD5:6D055BBD0463057997B216FA41FC1BAA
                                                                                                                                                                                                                                        SHA1:0E3B5685453BFE674252EEFE7B29DDFFE3394F36
                                                                                                                                                                                                                                        SHA-256:94571C1156471E113A0BA58686D0E0F8C8A18B7F5415A17CC00688D6901D6DD6
                                                                                                                                                                                                                                        SHA-512:D3D1FB3588D4AE7279244086069DEF2145FDD341099BD66B801CE1F7EB18F4F68B0043D3CF4BA5C8FA3FA680EF228C3371743AF1E9DCAA64711321EC6A94FCEC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6wb.........." ..0.................. ... ....... .......................`......\.....@.................................?...O.... ..@...............0(...@..........8............................................ ............... ..H............text...h.... ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B................s.......H........ ..............\.......D.........................................(&...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....('...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o(....{....(X...*..(....zN........o)...s*...*.(....z.s+...*..(....zF(L....(F...s,...*.(....z.(M...s,...*.(....z.s-...*.(....z.s....*..(....zN........o)...s/...*.(....zrr...p(S....c.I...(F...s0...*.(....zBr...p(P...s0...*.(....z.s1...*.(....z.(O...s2...*.(!...z.(V...s2...*.(#...z

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17968
                                                                                                                                                                                                                                        Entropy (8bit):6.673983708245621
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Oh06sbbVVPWU2W+Nyb8E9VF6IYinAM+oCeBhKr+:Oy9eEpYinAMxCAcr+
                                                                                                                                                                                                                                        MD5:351EE6E0FBE6951D43F195DBFD34911A
                                                                                                                                                                                                                                        SHA1:2FAAD5BD1D08D9791C941F6F01BA41473C12DD1F
                                                                                                                                                                                                                                        SHA-256:8B4AF4380F5083A9DC11F5E74FEA942A34DE4AA3740EE0DBCEF92A95AFD656F6
                                                                                                                                                                                                                                        SHA-512:00A0600E0E4541058B8FF5A7314E0C2779B5BA5E3F9FBE9F15556E84D84D8B3C0317116B29A832CB038457EF6CE1FA88149C18E7DD33D27A3ADD3AFFAC5FF9D7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._...........!.................3... ...@....@.. ....................................@.................................@3..K....@..................0(...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p3......H........$..0...................P ......................................._.%c......=.n')...(v..:}.d...3...B...).. .:Q(....L.jt....}Xv.b7y0r.[..$.....q..c.6.....p..2..qHv/.pb.=..9.o"z.. 0P.t%H....U...0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):342865
                                                                                                                                                                                                                                        Entropy (8bit):7.9992844075056935
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:6144:9nQP7HqdkykjdqfvImDTIVfygNymRsl8aejvq13W/V191OQB6MBsUUnf7spSg+V1:9nQP7Hqdk/pqo0IVfb5na9Z619MQBxu9
                                                                                                                                                                                                                                        MD5:B3E14504A48BED32C53EC7AAB2CB2C8F
                                                                                                                                                                                                                                        SHA1:0BC0D486A5ED1C4CDF2390229883ED3473926882
                                                                                                                                                                                                                                        SHA-256:ADEA6001759B5604F60BBAEC8CE536A1E189ADEBC7394F9CFF3921CAE40C8C9B
                                                                                                                                                                                                                                        SHA-512:E5A5C09355EB9CB45DC872B59EDBD54F62F15445CA6CAAA3187E31E7928EF4453AE8405D9EEE5D2AEC4FA34965D3006DCF61C060B8691519A2312382612C683F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-......i/Y.h.9........-...AgentPackageSTRemote/AgentPackageSTRemote.exe....0".......p.......(.|Le....r....W..........'.-._.{.a.b..-....6u.#."'+.u.9...B..n.....>!(.Tzs4a.g?.....{...J}...v..?.Q...........0.P..m.....2^...X..}k.....VU.HY.*.sZ..Y$H..j.g..p#...9..f/*.8...(...w...a.&B.`.bV/g{.....0.QRH.J.E.c.m.}!..T...N..74.r.*J...u,....\7...o...~.....>`X;.2i..g.7.^0..R0[P..."..7..t.d.........!#.}t..G.%7"p.jnG....(..Rg.K9..Z.#...w.4.351.......-.....v&.t.g?I.pA_.J..`..p,.....4G..h.D....d.:s..H..c....l-y\i.@.....lr.$..LC..._.<W.>.(..0B..rz...... V......v.{"........=..zSqA5.-..2...!.>..rB5g.....Tq.....!8\.S#.K.N.l[...L..|...i2..3pp..2'...Cx.@.<..q.\.<..J....&.\.X....mk...ic.....F.@r..^.^e.?....l#.9..Q..g..7a|2.@.g.h..:....|8...{[..N)~...6..i#.q..F5W.dK<.C..Wm..[KPI.......h.x..SO..m......6..*.........G.TS..p.Z.@..dx.N...\...OmO.Ho.l.^.#6.8.:eM4`...).yU....W....C.]......f.2....:...m;r..;...[...:D()2"....Q!S..ik5.../t.V..:s..f.a.V...}ou..o...j....b.....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):74288
                                                                                                                                                                                                                                        Entropy (8bit):5.498724993681897
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:y5TTyapvW7AM3ushkm7Xv2piJQ+VASa0oJoU0BaaOP/7HxZoU:yU48q230au/9
                                                                                                                                                                                                                                        MD5:749C51599FBF82422791E0DF1C1E841C
                                                                                                                                                                                                                                        SHA1:BBA9A471E9300BCD4EBE3359D3F73B53067B781D
                                                                                                                                                                                                                                        SHA-256:C176F54367F9DE7272B24FD4173271FD00E26C2DBDBF944B42D7673A295A65E6
                                                                                                                                                                                                                                        SHA-512:F0A5059B326446A7BD8F4C5B1BA5858D1AFFDC48603F6CE36355DAEAAB4ED3D1E853359A2440C69C5DEE3D47E84F7BF38D7ADF8707C277CD056F6EBCA5942CC5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.........."...0.............z.... ... ....@.. .......................`............`.................................(...O.... ..P...............0(...@....................................................... ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B................\.......H........D..4............................................................0..........(....9....(....~9...%-.&~8.....}...s....%.9...(...+~:...%-.&~8.....~...s....%.:...(...+~;...%-.&~8.........s....%.;...(...+~<...%-.&~8.........s....%.<...(...+*.*..(....*...0..-.......(.....3..*r...pr...p(....,.(......(....+..._*....0..(........(......~....(....,..*..(....~....(....*.0.......... ....(......i./.*...............&.........7...%.. ..o.......r9..p( ...,.*......s!.....s!............

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):541
                                                                                                                                                                                                                                        Entropy (8bit):5.097123194334321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:MMHdGp2VvOF9LNFF7ap+5v5OXrRf/2//FicYo4xT:JdsIOvPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                        MD5:D0EFB0A6D260DBE5D8C91D94B77D7ACD
                                                                                                                                                                                                                                        SHA1:E33A8C642D2A4B3AF77E0C79671EAB5200A45613
                                                                                                                                                                                                                                        SHA-256:7D38534766A52326A04972A47CACA9C05E95169725D59AB4A995F8A498678102
                                                                                                                                                                                                                                        SHA-512:A3F1CFF570201B8944780CF475B58969332C6AF9BEA0A6231E59443B05FC96DF06A005FF05F78954DBE2FEC42DA207F6D26025AA558D0A30A36F0DF23A44A35C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12
                                                                                                                                                                                                                                        Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhXWl:WBQ
                                                                                                                                                                                                                                        MD5:3D66AE5ED06891E8CE75A39A24070844
                                                                                                                                                                                                                                        SHA1:368064119835D4376727A14706C41384446183E8
                                                                                                                                                                                                                                        SHA-256:73DBA8242FDB4DE1393B367A239F730ACA6713E6658BE69F1D8992AD26479176
                                                                                                                                                                                                                                        SHA-512:C0B61F92BB61A7BF90225D1BA5A1BEA0FC077C2481A2149663B546296421855AB3147C3A1F5372EBC920731624BC8578595C18CA9D138691C720FDCB86D03F8A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=23.4

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):96816
                                                                                                                                                                                                                                        Entropy (8bit):6.180256382950937
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:gJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxwht:gQUm2H5KTfOLgxFJjE50vksVUfPvC6
                                                                                                                                                                                                                                        MD5:EBBE06F612E1C8B87E3D4AACA15A29B5
                                                                                                                                                                                                                                        SHA1:D2B1317ED96EC0C92CCAF7E85F68EE24F289413F
                                                                                                                                                                                                                                        SHA-256:6CD16DCE27E724C2DAA098F131343FFDBBED0DA5B7EF62542B421A0817DE3A3E
                                                                                                                                                                                                                                        SHA-512:EB079EB409925516118DB4980BE734A645B7444BC51862CE7C95D52E0697B7B937BBACAF421FC5AF1A01D3262C1B19A3CF9376ADB0A5537DE0973E0B7DDE63DF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0.d.........." ..0..H..........zf... ........... ..............................Rm....`.................................(f..O.......8............R..0(...........d............................................... ............... ..H............text....F... ...H.................. ..`.rsrc...8............J..............@..@.reloc...............P..............@..B................\f......H........k..D............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tR...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.960782910515381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:PBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUJ:PBjk38WuBcAbwoA/BkjSHXP36RMG8
                                                                                                                                                                                                                                        MD5:3B395830460C2F72BC6CD12DD096DB0C
                                                                                                                                                                                                                                        SHA1:73063C63D2B562310AF76ABEF2A8B7E697389C94
                                                                                                                                                                                                                                        SHA-256:F7BB07B7C1718DBBCB692AA4296EBEFD7CCD1E55F27BE00703A3CE623AD38D5B
                                                                                                                                                                                                                                        SHA-512:DBCAEDDDC4D99586F1E04FDA97E1C706FBC6BE7BB766E0FE73ADDAD3116517010A3C1C92D7F54D71533B4C4459631966D8D0CF370ECF1F789F7D25FCB2F5A64E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O.......................0(.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\log.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):88
                                                                                                                                                                                                                                        Entropy (8bit):5.002465716267245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:KPvTFEE6LGKWqKRLXsmfWoVUgXAQJ:KPvxtlKWqKRLX/qK
                                                                                                                                                                                                                                        MD5:5B4B1CD103E12BF5AEC9001C084384C5
                                                                                                                                                                                                                                        SHA1:967331BB917727BE82BA758B8CC6715EF9F0400E
                                                                                                                                                                                                                                        SHA-256:51AE98091A8CE1EA9D2C075A6597934A64A2206D257BD3B81F9F5E5785CA018C
                                                                                                                                                                                                                                        SHA-512:B9B0DBF0392E684BF545F4DA6C60D94C1CA09B5E9CC195C6D13F773E8FB598B088EBE2EB8CC93761E346624CAEC1236D3FA234277B6082879BDAFE68D4DCE8EB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..08/11/2024 07:38:46 Downloading installation to: C:\Windows\TEMP\SplashtopStreamer.exe

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):662057
                                                                                                                                                                                                                                        Entropy (8bit):7.999353949499206
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:12288:BBRK7zkUGwDTrw2rTX8HkklhCrdD2TpNwjaIj2nW7+7nZh2bdb:BBRyNJDw2rTX8Hk5rZ+IapZYV
                                                                                                                                                                                                                                        MD5:7895698867D1AD33934A8553B4806DC5
                                                                                                                                                                                                                                        SHA1:32704DF55DEAFF9BF0B4EE0B887541856578938B
                                                                                                                                                                                                                                        SHA-256:EF5854B5E800A534A08C083D4A3956DFC0A474FF540CAE9BF0A9077A213B2FF9
                                                                                                                                                                                                                                        SHA-512:20337093DDC5322C4B96C7BF26F1A0B966FAFDE70A96F7E9B5E9D36ACAC7D862BD2A50CAE9A63731B23904A9256C94CD3BB4E19768130580511EC4C408536A58
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-.....B.]Y.]Up........3...AgentPackageSystemTools/AgentPackageSystemTools.exe....(........j........A.U...6X;..qH?(.8....1...FU..ux,....R.mn}..p.8.}m..N.o#.. <..Q.t..\...hP.9.....n,..X...%......S% ...x..+&Dq..f.Ao..o9.B .....?..-)X..v.,g<....5.|.....[.z<.&..D.P.(..1 i....{....G_.2.[m....Q...7..~#....<Aw..w..o...U.?...2....9.5.{e..H.$.,..T.C.H...siX..f....D.Pf!.......f.87e#......3...x.I.#...-..(.;....w]_.8#..\...a.%.K^z~...a}..~.g..C...@ek,i"^>s..c.'......Y.\.h....=.V....<.c..^B..Z....%..|'..3m..@}n..F..x....+.\.m.4..>.&....L....<.......y. ..X.K..@m~..>`1Y. ...Pv.Y.c.....w.....h.y.yL..|&.%}}Nr....E...u.4..`f...}..1...)...r..>).M.n.I.>..B........>.>...V...8.W..-.U..a..E........_#`y..X.....S..e..^.45...s....wp..$.r.D..+'....p..CK..B.=..q. .I.1r..u-9ZB.Oo.M.....3.._............:....K.....G./...I...d]p.....ht...k~...t..!.1.sf..?......k......A....n.3...\Z.f..l...X[........S....f....pG..p..I.... .(........E..F.u.......|..;.!.....w...%uL..i.V

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51752
                                                                                                                                                                                                                                        Entropy (8bit):6.276903482604295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:MsK/GcLpkOGiHuAQ+INjkfEQ3Tnz8AnTqLx3OEpYi60nN:M/zpqiOAbINwfEQDz8QIx3v76GN
                                                                                                                                                                                                                                        MD5:C0F02EAA3EB28659D8F1BCBA8DE48479
                                                                                                                                                                                                                                        SHA1:5BE3C69E3F46DAFF4967484A09EB8C4A1F4A7F0F
                                                                                                                                                                                                                                        SHA-256:6BEFB51A6639CAE7E25570F5259F7B1F2D9B9B6539177D64D2ED8BE50DDE6268
                                                                                                                                                                                                                                        SHA-512:47B536FA628608A58F6F382BBC99911EEFF706BECFAF4B1C5FF904CA768917F40C2E916BA5A31992DF0335BA5A57755F047F70AAFAAC414FC655DA0CD6F95E34
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!g.........."...0.................. ........@.. ....................................`.................................D...O.......`...............((........................................................... ............... ..H............text........ ...................... ..`.rsrc...`...........................@..@.reloc..............................@..B................x.......H........B..dq...........................................................0..........r...p... .....r...p.(.....o......(.....o......(.....o...........s......[o......s....%.o........o......s...........s....%......io....%o......o........o ...o .....(!...*..0..........r...p... .....r...p.(.....o......(.....o.......("..........s......[o......s....%.o........o#.......s$..........s.......i.J.....%......io%.......o ...o ...(.........o&...*..('...*...0..].........~(....~(....~(........

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):923
                                                                                                                                                                                                                                        Entropy (8bit):5.156246271896278
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:Jds4F7k1hOXrRT2/2E10PT2/+w0E1UrPT2/+7Trln:3ss757Rkqk+wik+7Nn
                                                                                                                                                                                                                                        MD5:D6FCBCF9C6ABC2F051772E7A7D5EDFD5
                                                                                                                                                                                                                                        SHA1:33D9962BCC42F021A7CEADF3D1C613B4643C66F6
                                                                                                                                                                                                                                        SHA-256:F523D40AE141AA8899B053D77117FCF50639708757AD4A050F3A11E8582A894A
                                                                                                                                                                                                                                        SHA-512:07DA40F1C43A1E35582ADE5DBBAEB47EC2922C42241BD4B950EFA76407597CF838338E27F3F5197E02F5209B27542207BEDBA9B85681955E3C326C95C1F5AC22
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />...</startup>...<runtime>....<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.....<dependentAssembly>......<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.....</dependentAssembly>.....<dependentAssembly>......<assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.....</dependentAssembly>.....<dependentAssembly>......<assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />.....</dependentAssembly>....</assemblyBinding>...</runtime>..</configuration>

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12
                                                                                                                                                                                                                                        Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhXSnn:WBe
                                                                                                                                                                                                                                        MD5:39DF0BC698F203A4FEF18A68A7B0EADC
                                                                                                                                                                                                                                        SHA1:0EA8D556AF659E0C8D6406B5B3E7E56EE6A10188
                                                                                                                                                                                                                                        SHA-256:F8DD3CEC3612C302B45EA9539002625E58E528A5CB68B4B0E6C3C2A378122C1A
                                                                                                                                                                                                                                        SHA-512:E6FF51381293BFD52EAE39B9868968A76D94BC993BAD5566C532A30E5EE5FE121C2F5B8EAED7ACEE59E3F6B8C1B3BEBB53B07B46F572F3498B1800B0DEAC128D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=27.6

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):112168
                                                                                                                                                                                                                                        Entropy (8bit):6.1656661918593905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:f6sg/V5pWyNoWSh7Wyt1M2MAlb7UkN9/EVYFfbQgL/BR18xRUmHkEWpkGI76jC:fI8/Mmb+afbQgL/f182iGIJ
                                                                                                                                                                                                                                        MD5:6C7379E62BB26D3368555BDD5CD83E88
                                                                                                                                                                                                                                        SHA1:A406C91F1FC52525244B9E9EDC2A2188154A6109
                                                                                                                                                                                                                                        SHA-256:B87F055078EC819250F49ABAF196D42ECD994070BE5C14A9A157E783BCDA39B4
                                                                                                                                                                                                                                        SHA-512:E3FB4CE3826F39F8949EEFC147D7D07F2DB0265D421710A0058DEBBA9EFF21294563FDBE62020F42649E7E4A98CF63398C7F1D14E66712C5EB8EDA1D0C4CB5D6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!g.........." ..0................. ........... ...................................`.....................................O.......8...............((..........L................................................ ............... ..H............text....... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B........................H...........<!...........................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p( ...r...p(!.........("...(#.....&..*........00......:.(......}....*..0..Z............($...,......(%...*~..........(&........($...-..(....s'...........,..((.........(%...*..........&E.......0..G........{....,.(......5~)...r'..po*...rm..pr...po+...ta...r...p(,..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\CredentialManagement.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38952
                                                                                                                                                                                                                                        Entropy (8bit):6.310423924344811
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:LINsi1A6I1MLzHS0+iFJBn5gpKNEpYi60wg5t:MNsii6v/HS0+OJd5gpKm76tg5t
                                                                                                                                                                                                                                        MD5:75A85EBD35C909B1AE34FC3F37500E53
                                                                                                                                                                                                                                        SHA1:B7527367D4860841EA922589D66B928B27FE53CE
                                                                                                                                                                                                                                        SHA-256:D3C5160AB184F88A1CCF47846AAF8402200FCCD509B31A73B8AA19F529AB14FA
                                                                                                                                                                                                                                        SHA-512:96F4B49F8FA28A20CA893D69D7432F07D516C15C0FBCFE83891F832C15D1883518487410165206D481CDAB48C130257C073AD626E6F318F2DE31A441443CDACA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..T...........!.....f............... ........... ..............................1.....@....................................O....................p..((........................................................... ............... ..H............text...$d... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B........................H........2...O...........................................................0..+.......s.........~....%.(.....s............(.....*..........#........,..%{.....`}....*.%{.....f_}....*..0..>.......................(....}=......}>......( ...}@......(....}?....*R.{....,.r...ps....z*:..(.....(....*...0............(.......(.....*...................J.{....-..&..}....*6.(.....{....*:.(......}....*6.(.....{....*..(.....(....,.r]..ps....z.o ... ....1.r]..ps!...z..}....*6.(.....{....*..(...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\IdleTimeFinder.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16424
                                                                                                                                                                                                                                        Entropy (8bit):6.853907358895156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:w1c5uLPirbW34/wUNyb8E9VF6IYijSJIVxRFTNUJyXo:w1cKmENUEpYi601U4Xo
                                                                                                                                                                                                                                        MD5:5F6C8C110454CFAC8B8EE908A953868F
                                                                                                                                                                                                                                        SHA1:C6A2B66C840C0F9324AA255AC8D6E440B2F2F3FF
                                                                                                                                                                                                                                        SHA-256:9E203ED95084AB3B3F3C199712E9C76DB4D9FB3AA5D6BF004ADA9FEE328B6AD5
                                                                                                                                                                                                                                        SHA-512:F682720C6BE19E2B1CDE3C4A03D7D1D7211A3789127F13C1C283F838B8045EAEC4B5C570DCB07ED054BAA5C23C839836D13D0DC8F00205B34862A185C581F537
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!g.........."...0..............-... ...@....@.. ..............................9|....`..................................,..O....@..................((...`.......+............................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H........!..$............................................................0../.......................(....}......(....&(.....{....Y*..0..D.......................(....}......(....-.(.......(....s....z(.....{....Yn*..(....*.0..t.......r...pr...p...s......o.... ....(.....s......o....&s......(....vl(....o......o.....!..(....&..(....o....&.o......&...*......S..o........7..R.!....BSJB............v4.0.30319......l...T...#~..........#Strings....\...4...#US.........#GUID...........#Blo

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\IdleTimeFinder.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1017
                                                                                                                                                                                                                                        Entropy (8bit):5.00184675687532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdArdEtPF7NhOXrRH2/dV0PH2/+w3VUrPH2/+789y:3Ar+z7O7Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                        MD5:8A743B2BAC31EB00D4BDA0EBC8DF160B
                                                                                                                                                                                                                                        SHA1:5564F6A8F02973D040E8409E21B2A18ECA2CA8EB
                                                                                                                                                                                                                                        SHA-256:31A69A6D9423CE1BCF98F5281DEB1B8F537D95609CDFA03AF9A41CBF00D1243A
                                                                                                                                                                                                                                        SHA-512:9F14C687EF076CEB4B903E2C5803DCB9401BDEADC00B0E090765E67B54E9BEEC733B087609D76C605C8485C7E446E8DB3A0D8AA3E17C969FC155F069070BB543
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Microsoft.ApplicationInsights.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):398888
                                                                                                                                                                                                                                        Entropy (8bit):6.134219330910627
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:YjS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/Zmvl:Y+e55LgIkTmyAAfTnMLvl
                                                                                                                                                                                                                                        MD5:E8815AB9546D6E490D2846504034579F
                                                                                                                                                                                                                                        SHA1:0555312ED1C700ECBC37BFCDE1140FEEE906FA0A
                                                                                                                                                                                                                                        SHA-256:4A48F3331F1CA29F3CD57658716A39837FCE120999CEF8E44B71FB885DBA861F
                                                                                                                                                                                                                                        SHA-512:67DF21BA4AEA22ED63EA7CB1E9E670815E88262E324D340B2BE7DD5361F770B12064F56016F1CD41024F6846E84B3EC0D4C61A5EE71FDF11879A7E714B0169B3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`.......N....`.................................v...O.... ..................((...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........P...................$.........................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. S]G. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0...........r...p......%..{)....................-.q.............-.&.+.......o2....%..{*....................-.q.............-.&.+.......o2....(3...*..{4...*..{5...*..{6...*..{7...*..(+.....}4.....}5.....}6......}7...*....0..k........u......,_(,

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710184
                                                                                                                                                                                                                                        Entropy (8bit):5.960700768144483
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:xBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUQ:xBjk38WuBcAbwoA/BkjSHXP36RMGh
                                                                                                                                                                                                                                        MD5:C1ED198D6A5A3B91803AE06CAD22C3F1
                                                                                                                                                                                                                                        SHA1:CC59677BE3ECFD80EDF5D1CF2EB90742092111A2
                                                                                                                                                                                                                                        SHA-256:D46156C73123F9E5F3008C58461EB19DE5935A21FD33366C4AF02682AB42C8F4
                                                                                                                                                                                                                                        SHA-512:26CDBA17B6546F8E9D43243EB708FCCA5DA8EB19AC164695DADB944F71CFFEEC908E9F269FE90F0163B332164D725CF0494AAB165677B588B188FFEB888D964B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O.......................((.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\RunScriptAsUser.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18472
                                                                                                                                                                                                                                        Entropy (8bit):6.705325491847164
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:dqHstMuvMK2tFNyb8E9VF6IYijSJIVx8s6:dXMukKeBEpYi60y
                                                                                                                                                                                                                                        MD5:21A4630C5A4D88DAA5C57E45FFCA3A7A
                                                                                                                                                                                                                                        SHA1:CD8D4B45D46F10BE5490D9A14D78C2F1B65288C6
                                                                                                                                                                                                                                        SHA-256:4869FC8C272289D814DD591294C9189B4D937DA08EF899D47D79D8D74557977B
                                                                                                                                                                                                                                        SHA-512:5B8650D6121AF5074EC65B59EE2067AC013AAB3E888FB1777FF6533F9125C453E9CEC24843468DD6C4030807CA988F9FD0E338AC54BA391C53D2F484BC4310E1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!g.........."...0..............4... ...@....@.. ...................................`.................................d4..O....@............... ..((...`......,3............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H.......(#..............................................................6.(.....(....*...0..........s....%r...po......o......&..*....................0..%.......r!..p.s.......o.......,..o.......&..*.......................!!.......0..........r_..p(......i...r...p(....*....r...p....s.....r_..p(.....o.... ....(.....s........(....-.........o.....o.....o....(.......l&..-.s....%.o....%r...po.......L....(....o....&..&...o....,%.o....( ...-..o....(!...,..o....(".....,..o.....*....4..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\RunScriptAsUser.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):975
                                                                                                                                                                                                                                        Entropy (8bit):5.005145470654642
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdsHPF7NhOXrRH2/dV0PH2/+w3VUrPH2/+789y:3st7O7Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                        MD5:DB02B24A7803C99F651940FECBE6E283
                                                                                                                                                                                                                                        SHA1:34EF3032B61E369535658D72BCE1E9908888EA0A
                                                                                                                                                                                                                                        SHA-256:207C4D442FACD06379217DD915D85D926DD622E72F6DB5814753FD2E5F8D0048
                                                                                                                                                                                                                                        SHA-512:9C76B6E3DBB34E2729F5C0E49A2A195C87AE11916A4479676AD09EE2C182DD83F87E826BA39DDF410B99A82EF1053571AA7A1E97426D396794C6E25E066C3849
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>.. <supportedRuntime version="v4.0" />.....</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Buffers.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22056
                                                                                                                                                                                                                                        Entropy (8bit):6.676761287031738
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Zy/fjFwUI/KQyVvKdDhG6ISDFWvYW8af0Nyb8E9VF6IYijSJIVxOqgzXU:ZuhMaVmzDC6k0EpYi60gk
                                                                                                                                                                                                                                        MD5:66084E1A2EF0F7EE9C19238C7F6D6DFB
                                                                                                                                                                                                                                        SHA1:0DE978530731CDEF53D0302D7CA32A5C56E3856C
                                                                                                                                                                                                                                        SHA-256:A1078DD6A3A1AB3FD28EB1B5EC10BB126C14807F3DBDA81650F75AC79AEE7E46
                                                                                                                                                                                                                                        SHA-512:97A4A18878BF64C20869F4A1A60CBF2A12D57413FB197C15A547CE5B1BCCA31FE36D11A4F5B300F23179C8B153B76E3C73D311545C67E6694FECEA706BA6914E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$...........C... ...`....... ...............................,....@.................................sC..O....`..@...............((...........A..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B.................C......H........(.. ........... @..X...xA......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*.~....*2r...p.(....*B.....(.........*..(....*R.....(...+%-.&(....*^.....(.....(...+&~..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):64040
                                                                                                                                                                                                                                        Entropy (8bit):6.266538479286202
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:HYDFPV3uv9niVSmzPFX8lpJ6TJPe4TW9Lvu2perEuaRtIvqUl1FHEpYi607zPk:HKC9niwOepJ6TJPeb6NIUFg76Kzs
                                                                                                                                                                                                                                        MD5:6D09B622635ED02D52600299F6102645
                                                                                                                                                                                                                                        SHA1:BFE508CD7D9F302E1A5C26184A46B752F64CCECC
                                                                                                                                                                                                                                        SHA-256:4E27A624A06023843D8369ABAC1E042845135AF278486FD86C3680928AECF66D
                                                                                                                                                                                                                                        SHA-512:6C4197E00E0C10ED1FF8E073A9D080C9C913A4CF2CB1B80F047B76F788059604F60F7D750A6EE8E66C65AB02BB847E4CBF737397B9E2C849A633674DAAF9AE96
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[............" ..0.................. ........... .......................@......t.....`.................................k...O....... ...............((... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc... ...........................@..@.reloc....... ......................@..B........................H........[..h...........(.......0.........................................{#...*:.($.....}#...*..0..#........u......,.(%....{#....{#...o&...*.*v ..yN )UU.Z(%....{#...o'...X*....0..M........r...p......%..{#....................-.q.............-.&.+.......o(....()...*..{*...*:.($.....}*...*.0..#........u......,.(%....{*....{*...o&...*.*v ..:. )UU.Z(%....{*...o'...X*....0..M........r-..p......%..{*....................-.q.............-.&.+.......o(....()...*..{+...*..{,...*V.($...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Memory.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):138280
                                                                                                                                                                                                                                        Entropy (8bit):6.178769713478036
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:CP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8IJHF:Ch0qjC5RMOHO420kN1+
                                                                                                                                                                                                                                        MD5:825B1939391B03517732A72AA489B50B
                                                                                                                                                                                                                                        SHA1:B8B1E37E60C68E7C73D42A7C532E507DAE1B1D4C
                                                                                                                                                                                                                                        SHA-256:B1A7D040D2CFB5DF692BDE7D5C2CEEDE266D9A7B31804658FFBDAAA147E36C39
                                                                                                                                                                                                                                        SHA-512:74C71265D4AA0FE2B409DB33CE40F83D1208F225808AF780DDE72E02ABE1C9BF431630BB9CF2D46E097400DED78D6B9456B41643EE0C5B5C4C3649C5B30B0241
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`.......-....@.................................3...O.... ..0...............((...@..........8............................................ ............... ..H............text...\.... ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B................g.......H........ ..............P.......8.........................................(&...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....('...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o(....{....(X...*..(....zN........o)...s*...*.(....z.s+...*..(....zF(L....(F...s,...*.(....z.(M...s,...*.(....z.s-...*.(....z.s....*..(....zN........o)...s/...*.(....zrr...p(S....c.I...(F...s0...*.(....zBr...p(P...s0...*.(....z.s1...*.(....z.(O...s2...*.(!...z.(V...s2...*.(#...z

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17960
                                                                                                                                                                                                                                        Entropy (8bit):6.634307366985014
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:2TO9dQWXYW8a6gNyb8E9VF6IYijSJIVxJF08V83Y:2Cn6xYEpYi60k8yI
                                                                                                                                                                                                                                        MD5:72823338F267AE2E3B0ED7AB100DE427
                                                                                                                                                                                                                                        SHA1:C03CC9B7F7B1C2895A8568A3F579F154BADE75B3
                                                                                                                                                                                                                                        SHA-256:C29D08E8169DA52E8027AC9755CE99D81B2882B8A1F55648BBED8DB2A85B2BBC
                                                                                                                                                                                                                                        SHA-512:784F69300FD79F62556D473BD37A21ECFB743B5D063CF49299B35101A8399FC2A6F208D3A656C261180DA2558AC5FC93E397131BA0F9C1A2AE3B410328684B52
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^...........!.................1... ...@....@.. ...............................W....@..................................1..K....@..................((...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H........#......................P ......................................O..q.<.P$[p.;a<...Ci......K..!..&.d...FaLJ.....f..........w.E.E........(y...,.Lr..R..........T.z....5..;.. ....&V.=}.... .0.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0................*..0...............*...0...............*...0..........

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3265339
                                                                                                                                                                                                                                        Entropy (8bit):7.9998753634262805
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:98304:wXFoIT/tvGX5NRtboDmkXHZFs3YTC8joGQ:wXFoCVvm3RkmYs34/or
                                                                                                                                                                                                                                        MD5:85E1898362165FC1315D18ABB73C1B37
                                                                                                                                                                                                                                        SHA1:289A48BA5EE27C0134F75E243C55A90D32C11A05
                                                                                                                                                                                                                                        SHA-256:D0594B261E16394244C64289DAC00367FDC853A1A8E542E0E814A57494C5228A
                                                                                                                                                                                                                                        SHA-512:49FDBEF67C2A85B5D319C26E6E55456C94D294B836C946B9966C8746FB33DE4EDE62B93BA91AD657DF4DB24FDB3EE1DE7395652AE1086C876B7D0B85000D594A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-.....BYfY.GYZ......../...AgentPackageTicketing/AgentPackageTicketing.exe....(........I........pSu.&.VR..9K..N.e...s.I..-.G.....#..t_k.#`.......+..Y{..~..W.}......W..{.ft..e;.-..4v.....`.n#...,.wWR#.^x..g0.~..1....v(....h..YS../!..D/.....8L.....l.....d.dsrMK.5.T:#.#....~....kF.G.."S...../?V#G.....;T.....X.D.1....R..UkV..C.6z...3"...Ki%.b3]W.5..."5^Z!.3.o.IA.S.....Hz.C......fTW*...F.....q..........i..Tn.JW...4)..7e.. ....^.O.4*/...=.Q...$.....a...{^_d.dr..&...C#.....!1........{.UP...<..z q6.[.NR.^H.r.{..........~g.Y.a.'..x{."G.+t.......f...J........U....!.(.e.$......jd...AB.........r?[..!s@.........=."cK..K!.L.........X*...h.U/........u.%.........'5..:.in'...>hk7....u..+.h.0E.0....~..fI...?...[.......`h....f....j.yQ.0....6<.....KM.M...~.~...o.v.`?...T..V.....t.B.. S...:.$.!w......V.~....x........./8.......U..o..4..l.....^.L.+...ya.|.y..*....V6l/a-........w........z...iU`&.Gu.8.......Y..M,.B.....=s.}P..%.Ug.0"E.....]..r.....P....Hh...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):33320
                                                                                                                                                                                                                                        Entropy (8bit):6.302751646709905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:b2G6bukIMKWcoBYRYm2uNNKAWFkfoi75yVUDMMXpO6FREVugmRNyb8E9VF6IYij1:OLKFvbJdUExLreVugm1EpYi60b
                                                                                                                                                                                                                                        MD5:F531D3157E9FF57EEA92DB36C40E283E
                                                                                                                                                                                                                                        SHA1:D0E49925476AF438875FA9B1CCFB9077FA371ECC
                                                                                                                                                                                                                                        SHA-256:30AA4B3E85E20ADA6FE045C7E93FEE0D4642DCABD358A9987D7289C2C5582251
                                                                                                                                                                                                                                        SHA-512:27D247AB93EF313CE06FF5C1DECA4B0819B688839C46808A6BE709C205C81B93562181926A36A45A7DA9570BAEA3B3152B6673A3BCCE0B9326C7D3599A3D63C8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....M+g.........."...0..N...........m... ........@.. ....................................`.................................4m..O.......4............Z..((...........k............................................... ............... ..H............text....M... ...N.................. ..`.rsrc...4............P..............@..@.reloc...............X..............@..B................hm......H.......p4...7...........................................................0..........r...p... .....r...p.(.....o......(.....o......(.....o...........s......[o......s....%.o........o......s...........s....%......io....%o......o........o....o......(....*..0..........r...p... .....r...p.(.....o......(.....o.......(...........s......[o......s....%.o........o .......s!..........s.......i.......%......io".......o....o....(.........o#...*..($...*...0..~.......~....r-..po%...(.....(&.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1537
                                                                                                                                                                                                                                        Entropy (8bit):5.0063120500114895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdsIOvPF7NhOXrRH2/dVxlPH2/FVQ7uH2/FV0PH2/+w3VUrPH2/+789y:3sIk7O7RgdjdgFSagFsg+w3Sg+78w
                                                                                                                                                                                                                                        MD5:C3CA0AD8FE91D02044029A11A9480B1F
                                                                                                                                                                                                                                        SHA1:1FB4C1063460C48AC77D3D4702697A35727A5E51
                                                                                                                                                                                                                                        SHA-256:B2AED8BAB56D0FDBD1D6F1277A3257DFFBFD107BEB19320C0D1F4DC0E4AD3AEF
                                                                                                                                                                                                                                        SHA-512:50B18B6DD91CB691C8B77AB612A7172CE59881705A52F59880A29A0F81E910A61D3D4506AB53B1F945611AFE079B96A896F3F01442D3B68801B2748C68AE01F6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12
                                                                                                                                                                                                                                        Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhWC:Wr
                                                                                                                                                                                                                                        MD5:E4F836B4F3891BBADA14E96E3A14DA0B
                                                                                                                                                                                                                                        SHA1:7EE80364384F7B8D2E17F2A88CB525DE5EA35E0D
                                                                                                                                                                                                                                        SHA-256:F0F039EFB829B599B2848F130363C6C64ABF1715C3DBC909B3080E52BD88865C
                                                                                                                                                                                                                                        SHA-512:C7F31502846570D9BD3C3B570259ACABE9036A94A5D006F51A6C02E85CFA24B522D84C3BF9DFBFF091A2BD91B5F606537061E77917EFCB48ACB4E77C9A6DAA17
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=30.1

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):112168
                                                                                                                                                                                                                                        Entropy (8bit):6.180052759903044
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:QgssVbDRgWchiMWXRIe0ZMTR8U3XTknAxb2waOn3ybQgLbYpm8GRUdokEWUpj76F:QUpviy8UHTRxrybQgLbGm8FUpj3m
                                                                                                                                                                                                                                        MD5:97A69DDA383FBE34325726EBF08F71AB
                                                                                                                                                                                                                                        SHA1:5551E93C80FE2EF2C1D421CCB5F755C36D55A1B3
                                                                                                                                                                                                                                        SHA-256:D3C8B89DBAC2CB26FC0B1F5F7FAD9D549195A28D694455109CF618F5B38D33AF
                                                                                                                                                                                                                                        SHA-512:CA8147C0CFD338CDC99238B3B6AE6CC76B6EF1506F37E076B975ED8CA35C3CB262543ED8C88C9F4F72F1A6E8BDB41ECF8504F69C0B4D4F0C20FFE968C496A065
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... g.........." ..0................. ........... ...............................~....`.....................................O.......8...............((..........L................................................ ............... ..H............text....... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B........................H.......0...."...........................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p( ...r...p(!.........("...(#.....&..*........00......:.(......}....*..0..Z............($...,......(%...*~..........(&........($...-..(....s'...........,..((.........(%...*..........&E.......0..G........{....,.(......5~)...r'..po*...rm..pr...po+...ta...r...p(,..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CommunityToolkit.WinUI.Notifications.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):145448
                                                                                                                                                                                                                                        Entropy (8bit):6.203328996620754
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:QRdbKQx0YYK8gwbUEA5xZs0vVV2yzlhXhYThkyFqhtuElLVwkVJe5K+Q7P6IlIhj:E9XeDmzV2yzlhKLFU1lLVp1+2flYFnQG
                                                                                                                                                                                                                                        MD5:8DE7772DDF2A0DF4675EFD16E4735D4C
                                                                                                                                                                                                                                        SHA1:2F50EF70C9E13C2E6B4D75C9A975A05D7309FFE0
                                                                                                                                                                                                                                        SHA-256:3307A88999CBFAEC9D3380ED936AACDABB72B40731382D660023FAC12B97749A
                                                                                                                                                                                                                                        SHA-512:BBB520767A13C61C3BA34A9E1029FB734299A6FBC2D67F7C2BB265608665424CE2692EAB585DD9418C3BE7B89B93162D63243E2BDEC271A0A0B5444DA6E834B7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....nI..........." ..0.............v$... ...@....... ....................................`.................................#$..O....@..|...............((...`......,#..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B................W$......H.............................."......................................V!.b.....s&........*..{....*"..}....*..0..Z........(....o'...-.r...ps(...zs......(....o)....+..o*.....o.....o0...o+....o....-....,..o......*........*.$N......J.s,...}.....(-...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*6.|.....(D...*..{....*"..}....*..{....*"..}....*V.(....-.r...p*.(....*..(E...%.(....o"...%.(....o$...%.(....o ...%.o....*..(-...*..{....*"..}....*..{ ...*"..} ...*..{!...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CredentialManagement.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38952
                                                                                                                                                                                                                                        Entropy (8bit):6.310977200199562
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ZINsi1A6I1MLzHS0+iFJBn5gpKNEpYi60wgi:eNsii6v/HS0+OJd5gpKm76tgi
                                                                                                                                                                                                                                        MD5:37A74170412F7E806A24B640FCAE7EC6
                                                                                                                                                                                                                                        SHA1:90448127248633B5CE6A0B890F33F09A523A0D5E
                                                                                                                                                                                                                                        SHA-256:BC4B76BEB03D4B09B48441CB0039FEC91F844196E73A258AE6225E524B2BFCB5
                                                                                                                                                                                                                                        SHA-512:41E87A409E54E63C853041E966BE2E4E625469EE942DD251F64271EA2D8657D22B0C5F5404E43DDDC8EA55AE765A8168228A80BE8B2C1677974DB708FC58653E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H..T...........!.....f............... ........... ..............................f.....@....................................O....................p..((........................................................... ............... ..H............text...$d... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B........................H........2...O...........................................................0..+.......s.........~....%.(.....s............(.....*..........#........,..%{.....`}....*.%{.....f_}....*..0..>.......................(....}=......}>......( ...}@......(....}?....*R.{....,.r...ps....z*:..(.....(....*...0............(.......(.....*...................J.{....-..&..}....*6.(.....{....*:.(......}....*6.(.....{....*..(.....(....,.r]..ps....z.o ... ....1.r]..ps!...z..}....*6.(.....{....*..(...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.WinForm.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29224
                                                                                                                                                                                                                                        Entropy (8bit):6.671409310333907
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:QmYaXzmSJL6guJrdvc5tIZmQCaBj4QU3hOTVTDvAGvoOCcdcOFyF606Nyb8E9VFJ:8SJh5tIYQzT5zyF60aEpYi60b
                                                                                                                                                                                                                                        MD5:707F4569B38DFA3C72FDC964F8472C92
                                                                                                                                                                                                                                        SHA1:F98DB57DF20F0ED9310DF948837E57EF8D60719E
                                                                                                                                                                                                                                        SHA-256:0B78ABE856BB9DD793B81CC0771A5188F4A9B86DDCA57671E3E77CA4B7FA0192
                                                                                                                                                                                                                                        SHA-512:B8C4C1F28CAEF3FAC4F7B8C9A01413A2E2B351668E0E0B93D8BAD0C43219D175865C493C33A232F0C662174EFBCFA812E07DFD3C10AC63D17018E5372C59D760
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p;_f.........." ..0..B..........Na... ........... ...............................k....@..................................`..S....................J..((........................................................... ............... ..H............text...TA... ...B.................. ..`.rsrc................D..............@..@.reloc...............H..............@..B................0a......H....... 3...-.........../.......2.........................................}.....(......}.......(..... ....(..... ....(.....(....o....*"..(....*..(....*...(.....{....,..+..+.-..{.....o....o....*...0..?.........+..o....,..+..+.-..o....o....,..+..+.-..*.o......,..+..+.-..*..0..J.........(.....(....,..+..+.-2.{.....3#.{....,..+..+.-....s....}.....(.....(....*j....$...s..........(....&*z.{....,..+..+.-..(......(....*..{....*.0...........{.....;.....(....,..+..+.-...}....*.{....,.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):219176
                                                                                                                                                                                                                                        Entropy (8bit):6.062499353482465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:gYq80gPJle2CpcKyudA1+PVtMG8e7sw9CcHvhlc:gYqqbe2CSod5dtM8ww7P4
                                                                                                                                                                                                                                        MD5:A1EE7DE3F698BF1EA25A8979D9E5152F
                                                                                                                                                                                                                                        SHA1:B8C58F0AFD24E322A032171B9A5AAA74114A50FD
                                                                                                                                                                                                                                        SHA-256:2A38E10454BFBD94AC61886A66AB46F498529924963EDDB95C9980DBD2EBC2C4
                                                                                                                                                                                                                                        SHA-512:77BFE85B53BC4B409D2C25629A19D29C1CD3F24DE212871B739FE97D8AF5D9B70E89E7DB6FF23FCC46E771F2431E7C97D3B17F08061ECB593F319E78501CA0A7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j;_f.........." ..0..(...........F... ........... ....................................@.................................dF..W....`...............0..((........................................................... ............... ..H............text....&... ...(.................. ..`.rsrc........`.......*..............@..@.reloc..............................@..B.................F......H........S.......................S.......................................r...p(................s.........*...0...........o.....=3A.o......o......,..+..+.-.....o......(F.....,..+..+.:B......oK...*.o.... 7...@........o.......o.....o.....o........(F.......,..+..+.:t.....{f...,..+..+.-......-\.o........([.......~....(....,..+..+.-5.o........oF........ob.......,..+..+.-.....}f.....&......o.......o....*.o.....\3%.o.......o.......t......(......o....*.o.....]33.o.........1&.o........

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\FormControlsLibrary.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):302120
                                                                                                                                                                                                                                        Entropy (8bit):7.175764387769887
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:LVi5mx115y505H0jIfJMSFk9X0jIfJMSFk9p:hswJMykwwJMykp
                                                                                                                                                                                                                                        MD5:FD82F0A09F58BDBAB946BB48E8CFFC1D
                                                                                                                                                                                                                                        SHA1:93A3F10F4BA6AA84B4A9C3F7D2CA94548EFD6B83
                                                                                                                                                                                                                                        SHA-256:DCF71123BE9AB08F1A71F9F0987D6CBEFD53DC66B4A6BB6C8260ABEC145233BE
                                                                                                                                                                                                                                        SHA-512:A21C2C461340B47C80F9984AFAEB0A8783F0655A742FF5F7A2D16CDAD59D25E45959FD2299C7DB98BE13986F16E95E6774F38489824719DD92058ECEFB6C8680
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J3..........." ..0..l............... ........... ....................................`.................................K...O....................t..((..............8............................................ ............... ..H............text....k... ...l.................. ..`.rsrc................n..............@..@.reloc...............r..............@..B........................H.......$W..(u..........L...X...........................................V.(......}......}....*..,..{.(..........,..p .@..(................s....(....*.~.......~....(....~.......~....(....*..0..........~.....(.....{.....{...+..(......{.....{3.~.....3..{.....p3.s>...s....%.o ...%.o!...(6...*.{.....{3"r...p.{.....{.....r...p.("...(#...*...0..$.......s$....o%...(&...o'...((......&.....*.................0..6.......r...p.().....-.r...p..q...(*.....q.....(+......&...*.*..........//..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\FormControlsLibrary.dll.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):432
                                                                                                                                                                                                                                        Entropy (8bit):5.0141792226861375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:MMHdGzNFF7ap+5v5OXrRf/2//FicYo4xT:JduPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                        MD5:8F6EB9E75E6A6F0C0D58FB697C10CEDF
                                                                                                                                                                                                                                        SHA1:6944935DFDC33E0C6DB26869BF25EDA85A2622D8
                                                                                                                                                                                                                                        SHA-256:E2B8677434501735FB0233ED0CC2FFEE5BF6FB4387C51DBCB2585A70E42E4F08
                                                                                                                                                                                                                                        SHA-512:A946252B2E3705EAE751A2672D4ADE1499ECEB28C48B4BE6150C4201EE20A7B9A4450C75E06B07F5DAA3528041A566931D988FBD0C2EA90240D61008895BA44A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\ICSharpCode.SharpZipLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):215080
                                                                                                                                                                                                                                        Entropy (8bit):6.0303185411774365
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Y1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7sg:XIzm6pOIgvr75
                                                                                                                                                                                                                                        MD5:EB52EB05FFA0E3CD25485581883796BE
                                                                                                                                                                                                                                        SHA1:BF9A76B2DB32FF3DB9AB999C34B51056A05EF288
                                                                                                                                                                                                                                        SHA-256:BF040E1C2BD2216D0D661F5C1EA4DF1F3526EEECF4EBCCDBA56DD677BB813F17
                                                                                                                                                                                                                                        SHA-512:3FA920BDB568B7BA87A4B0D4DBA594A04FEDA6CA6F56298AB5C4AE66F76671DC8B2A1CB6B12758B93470087DEB443120E7C985C2FAD217FC91CDBE27E5BC78DD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0..............'... ...@....... ..............................._....`..................................'..O....@..t............ ..((...`.......&..T............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................'......H........... ...................$&........................................( ...*"..(!...*&...("...*&...(#...*2.r...p(....*"..(....*&...(....*&...(....*2.rE..p(....*"..(....*&...(....*&...(....*2.r...p(....*"..(....*&...(....*&...(....*J..r...p($...(....*v....(%.....(%.....(%...(....*....L...%...%.r...p.%...%.r...p.%....%.r+..p.%...(&...(....*..(....*&...(....*&...(....*.0..)........{.........('...t......|......(...+...3.*....0..)........{.........()...t......|......(...+...3.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Microsoft.ApplicationInsights.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):398888
                                                                                                                                                                                                                                        Entropy (8bit):6.134117423700613
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:yjS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/Zmvk:y+e55LgIkTmyAAfTnMLvk
                                                                                                                                                                                                                                        MD5:30A9C0DABB202EE229EC55D4130D3D31
                                                                                                                                                                                                                                        SHA1:9DFD72765AFE775560F0871B089380736DE565CA
                                                                                                                                                                                                                                        SHA-256:54CC4581F6D88F77BFE4DB8628D763E9D111836024476C58B43135E9B07B808E
                                                                                                                                                                                                                                        SHA-512:8B092220F4F825E21CC1F20F52563CB0A812D7EE885B3FF4B618343BF5FBE61A32A3587E6CF19293C2E76A99AA156BBF096BAFC585CA9FFDF56FBB56BEDFC72A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ... ....... .......................`......@9....`.................................v...O.... ..................((...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........P...................$.........................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. S]G. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0...........r...p......%..{)....................-.q.............-.&.+.......o2....%..{*....................-.q.............-.&.+.......o2....(3...*..{4...*..{5...*..{6...*..{7...*..(+.....}4.....}5.....}6......}7...*....0..k........u......,_(,

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710184
                                                                                                                                                                                                                                        Entropy (8bit):5.96062510170894
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:vBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUd:vBjk38WuBcAbwoA/BkjSHXP36RMGU
                                                                                                                                                                                                                                        MD5:9BAE200AC815334531D1EBD0B2328050
                                                                                                                                                                                                                                        SHA1:9757F595684A41065A7B326DF777D9F5E2384A7B
                                                                                                                                                                                                                                        SHA-256:5E67AE7EC5BB6A12B46C7C4028C76580C4A8BD583A4A6B63AE3A417CA9D669D3
                                                                                                                                                                                                                                        SHA-512:5959B41DC37199C03783022227D456C7DC2D81BFC8F6E6321DE4F968276CB83BC6D420C1665D0092D5B89C56F726F7C25DAD78B7D8DA7583F952A19294A3358D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ............`....................................O.......................((.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\QRCoder.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):154664
                                                                                                                                                                                                                                        Entropy (8bit):5.990669081913453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:q4wM6OoRu7qywKsqxhDuPr5xJMnOfMAw3TkHjt0QQNOWIkHUsz72otHA3nXyy:q4wZywKn/U5xEwKIk0WI
                                                                                                                                                                                                                                        MD5:6BC1F35C566DB4ECD8BAF3743D2870E6
                                                                                                                                                                                                                                        SHA1:601715D1D9819B47C82B319FE2A4997BA309E253
                                                                                                                                                                                                                                        SHA-256:A06603E1BED06E77D6AF9F074B5B9C38FC1EF071642DEBB9CA7346E7A0DE43BA
                                                                                                                                                                                                                                        SHA-512:8FB6F9F2633FAD6E52EBD72508B6ABFB018D084FAE208E5DB78058A4C56440241606F37EAB30BBFDAB9FB12A47A5355B077884CEEEB45DEB6362F818358ADB24
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}.b..........." ..0..*..........6&... ...`....... ..............................H.....@..................................%..O....`...............4..((...........%..T............................................ ............... ..H............text....)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................&......H............D...................$........................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. R..0 )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o ....%..{.......%q.........-.&.+.......o ....(!...*..{....*"..}....*..(....*:.(......(....*"..(....*f.(....%-.&+.(b.....(....*..(....*"..(....*...0..%.........("...(#...($....#.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Buffers.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22056
                                                                                                                                                                                                                                        Entropy (8bit):6.668355487331651
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/rMdp9yXOfPfAxR5zwWvYW8aznNyb8E9VF6IYijSJIVxAwBr:/rMcXP64LEpYi605r
                                                                                                                                                                                                                                        MD5:605210914808A62CA857B3F8D108B90D
                                                                                                                                                                                                                                        SHA1:64E76CDB5B64664EF47670B9163BE8A9D50E548D
                                                                                                                                                                                                                                        SHA-256:C898601F4343913B0F1E9858A743AAA9EDB939C038A9C53533BACF8337FD9B71
                                                                                                                                                                                                                                        SHA-512:C0EEF0A097805E6F430E7FE593387CE8F03C6E5C5F921EDCA6B61378DF0A928EBA12945AB7ABC7A347BEA3F463B3E2CAF811B832EE832B30BA03B244D60D901E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ..............................f-....@..................................B..O....`..@...............((...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Data.SQLite.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):420392
                                                                                                                                                                                                                                        Entropy (8bit):6.109606170124341
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:u5douWvsWkOfjL/MEd6/7vfA8SCW1nFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFL:upjblhW1r
                                                                                                                                                                                                                                        MD5:C5F7EE9E0C29B6C6EEAEFB5CCA587583
                                                                                                                                                                                                                                        SHA1:899F92435FA37001A2A1C68F02FF2AA08398F074
                                                                                                                                                                                                                                        SHA-256:A3F70425EBD28D6C5D908375411BF1495480DF1A4E74FB4DB55890830B54070B
                                                                                                                                                                                                                                        SHA-512:017A9818F2E294F801179A8A06166539F83EE2C6F7170AD3E3594BC08DF38F95B8EDE0B767AEABB1D9208EA59200586573AC896B22EE6318987339019A7514CE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d.........." ..0..8...........T... ...`....... ....................................`..................................T..O....`..p............B..((..........XS............................................... ............... ..H............text... 6... ...8.................. ..`.rsrc...p....`.......:..............@..@.reloc...............@..............@..B.................T......H........X..\V.................R......................................:.(;.....}....*..{....*:.(;.....}....*..{....*...0...........~<...}.....r...p}........(.....(.....(.....r)..p.(........(u.....~<...(=...,z.....s....}.......}.......}............{............%......(>....%...D....%...!....%...%.........%....%.........s....(B...*vra..p.(....,...}....*..}....*..{....*vr...p.(....,...}....*..}....*..{....*z.{....,......(>...o?...s@...z*.0..(........{....-..(......o....&....(j

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):64040
                                                                                                                                                                                                                                        Entropy (8bit):6.267139970059605
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:AYDFPV3uv9niVSmzPFX8lpJ6TJPe4TW9Lvu2perEuaRtIvqUl1FHEpYi607zg:AKC9niwOepJ6TJPeb6NIUFg76Kzg
                                                                                                                                                                                                                                        MD5:9EE2967BB286D1A63BD8E0087A8661BE
                                                                                                                                                                                                                                        SHA1:AF02F80E82D27D1EF55CD9902C2DD43A2E1567BF
                                                                                                                                                                                                                                        SHA-256:E13E0D62F93E846A783D5D719D09AAB06FA4F61A15B660460ED1D08061C25C6A
                                                                                                                                                                                                                                        SHA-512:AE58531F097A10F751FAE04432059C1105F24405AF06E93CB48635F2A102B73DB653B84E85A9824265E68338B03829ED0935AF34FB40265711FA02A081671A46
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[............" ..0.................. ........... .......................@............`.................................k...O....... ...............((... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc... ...........................@..@.reloc....... ......................@..B........................H........[..h...........(.......0.........................................{#...*:.($.....}#...*..0..#........u......,.(%....{#....{#...o&...*.*v ..yN )UU.Z(%....{#...o'...X*....0..M........r...p......%..{#....................-.q.............-.&.+.......o(....()...*..{*...*:.($.....}*...*.0..#........u......,.(%....{*....{*...o&...*.*v ..:. )UU.Z(%....{*...o'...X*....0..M........r-..p......%..{*....................-.q.............-.&.+.......o(....()...*..{+...*..{,...*V.($...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Memory.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):142376
                                                                                                                                                                                                                                        Entropy (8bit):6.160698125720867
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:GUGrszKKLBFa9DvrJGeesIf3afNs2AldfIlq4:xBFd3/aFs2d
                                                                                                                                                                                                                                        MD5:82CF1FECB4D590BC03BEFF0336FB8CD0
                                                                                                                                                                                                                                        SHA1:CDE93175B010A14679BC4DAC27E3A9D36F2C7B8B
                                                                                                                                                                                                                                        SHA-256:45653A5E5940E9F8158235F3B5534C5DF47E9E9A5568AE60040A03B3451D03B1
                                                                                                                                                                                                                                        SHA-512:ED713069ECEE9DB6F94355DDA815B9FC7A689E76678476EB0C908388014BC88F4625FF310BB8B65B5F470B236830C5B3650EC5ABA56BE2EF5ACAC3873626F20E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`.......\....@.................................X...O.... ..0...............((...@...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Numerics.Vectors.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):110120
                                                                                                                                                                                                                                        Entropy (8bit):5.511508970225241
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:1POw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/Yb76J:1Ww0SUUKBM8aOUiiGw7qa9tK/Yb2
                                                                                                                                                                                                                                        MD5:00B3D67D45C71784C7B4D3BB30547E9C
                                                                                                                                                                                                                                        SHA1:60C1D92D6A31AE50C9F780C7B31C9F6B7D15F1C9
                                                                                                                                                                                                                                        SHA-256:2E21AE066913936DC41D3563F355F81327265FAB501B339023E48352E35BF132
                                                                                                                                                                                                                                        SHA-512:1389DC57A1C8D37EFC7377232383D540134FD18A67CEC3F702FD0BAE0EF90E179CD0F3F2F3592EAD227F139AB88DBC06971A63A5C8DB1CE164B04FE744C54BD2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................S.....@.................................f...O.......................((.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17960
                                                                                                                                                                                                                                        Entropy (8bit):6.669890024742661
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Sh06sbbVVPWU2WYNNyb8E9VF6IYijSJIVxeBEWr3m:Sy9gpEpYi60AXW
                                                                                                                                                                                                                                        MD5:18130E186CFE1DD3BFEAB111DD0FAE32
                                                                                                                                                                                                                                        SHA1:B519EA32B0B0F1B00B75FBB2AF5D99F91D24BC70
                                                                                                                                                                                                                                        SHA-256:3DF3784F25B3EE4FD24E7B0A0770C0280B09F7CD984E94F622F98E39466E654B
                                                                                                                                                                                                                                        SHA-512:38625510113ED4038C9216DE0B969EA18CEE201C89A2E861D46C149A36F609B16ABF4D89DF57DD783F118C5C7B93520C8D2BCADC961E351A62D88913CD5EF1D6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._...........!.................3... ...@....@.. ..............................7.....@.................................@3..K....@..................((...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p3......H........$..0...................P ......................................._.%c......=.n')...(v..:}.d...3...B...).. .:Q(....L.jt....}Xv.b7y0r.[..$.....q..c.6.....p..2..qHv/.pb.=..9.o"z.. 0P.t%H....U...0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.ValueTuple.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19496
                                                                                                                                                                                                                                        Entropy (8bit):6.523111004922817
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:7yPa16oAL4D+wW9IWmDIW4IWYDa9Nyb8E9VF6IYijSJIVxFtfV:7Ws6oqDjADKeDa5EpYi60/V
                                                                                                                                                                                                                                        MD5:567881C8D62A69733878564CA833B403
                                                                                                                                                                                                                                        SHA1:41B4994EB6C5896A4244B417A490A58D462B75DC
                                                                                                                                                                                                                                        SHA-256:D1837A1C9BF26CD129F672FC7191239AECEA5936E87A5BE101BB0649C1392EAD
                                                                                                                                                                                                                                        SHA-512:063B0FBB266D0E4EAF52B4B4EE0C327F1CC2FA7963D7024F7905EB6E5206D42983FD875A816983C935B1BA9EF55113A524A36560BC38F5E403BD3FB94EFCAF45
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.............b2... ...@....... ..............................Q\....@..................................2..O....@...............$..((...`......x1............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................B2......H........!..T....................0......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r[..p.(....*B.....(.........*.BSJB............v4.0.30319......l...4...#~..........#Strings....t.......#US.@.......

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingNotifications.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):41512
                                                                                                                                                                                                                                        Entropy (8bit):6.408844229157189
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ZjfAw5tisU7Mkvwtwq6uUQ/B0X5tl9wCVjkz3pVS3UpoztjBFtNyb8E9VF6IYijx:ZksU74GX7nwOa5VS2ozdBFJEpYi60BZ
                                                                                                                                                                                                                                        MD5:A5C8328575581E4D41D9B41619EC09CC
                                                                                                                                                                                                                                        SHA1:ECF10FE71F38457C2E6C1302150E33F205282318
                                                                                                                                                                                                                                        SHA-256:978A57BAA3D95D3EF26EF8397E92C3F8F3FDC3CDF24D34B67F3BDB5FAB834D05
                                                                                                                                                                                                                                        SHA-512:011C577B1DB257D52D20CEBC1847B7A036453C3CD38968BEED9E558E502C84DBF3592D2C70183A8D7BF6FD60FBD01555A6DADAD44741ABCDC94E5CB83151B067
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....M+g.........."...0..n..........r.... ........@.. .............................. B....`................................. ...O....................z..((.......................................................... ............... ..H............text...xm... ...n.................. ..`.rsrc................p..............@..@.reloc...............x..............@..B................T.......H........!...............1..@Z............................................(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*j(....rY..p~....o....t....*.~....*..(....*Vs....(....t.........*.(.....(....(......,....s....o....*(....*.0..........(....o ...rm..p(!...(".....'...%.. .o#......i./..|s$......)...(.......(%....)...o&.......o'......i.0..+....o(......i.0..+....o)......i....+....o*...s+....o,.....,..(-.....&..*..................0..........(.... ....`(/.....&.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingNotifications.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1547
                                                                                                                                                                                                                                        Entropy (8bit):5.008195800038022
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdsIOvPF7NhOXrRH2/dVxlPH2/FVQ7uH2/FVruH2/+mV0PH2/+w39y:3sIk7O7RgdjdgFSagFgg+msg+w3w
                                                                                                                                                                                                                                        MD5:029F543956E8B235A70112C77912150A
                                                                                                                                                                                                                                        SHA1:8F8916C78D9D3E5F92C37BDD39D34CD3B79BECA6
                                                                                                                                                                                                                                        SHA-256:33720B1985FE3F07F13744963085FA641F452EC393C3C8987A6023D0BC493BD1
                                                                                                                                                                                                                                        SHA-512:CF6EF25E7FD7E0B04A4F76B1552621874DAAA43838D0C028E62D1AABFFCD57AC7086A174BE9D5AF283DE8E8F09B5B40505478978102A1D8351681532B3828A38
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):79912
                                                                                                                                                                                                                                        Entropy (8bit):6.0518541609970535
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:fK7G/lnhlforkV5/EmaScsU7cywzLFTw76L9:fthlQAV5/PaFsU7cyQFTwa9
                                                                                                                                                                                                                                        MD5:4280F0FBC4E40A71E2E03D18CE1BE1F5
                                                                                                                                                                                                                                        SHA1:80C396D199D31E9E5B8EC85C3F1B2BC206973BEA
                                                                                                                                                                                                                                        SHA-256:99CCAB5EA739DFD2B0ED4DA2832AC75756AE02FF04143C0B1941784AB4CF8BAD
                                                                                                                                                                                                                                        SHA-512:27B584B0FD10F681EE6D8372B4F32FD418593908FF27EC3F681FAE2C3DF3B8A3E3D18B6D40D3935E559280563F8D84E9D4725E73CA421EE9DC2FFC44ACD1546C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i............" ..0.............*$... ...@....... ...............................q....`..................................#..O....@..................((...`...... #..8............................................ ............... ..H............text...0.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................$......H.......hY...............................................................0..........(....(.....r...p... .....r...p..(......o......(.....o......(.....o..........s......[o......s....%.o........o .....s!..........s"...%......io#...o$.....o%...(&.........,...o'......*......y.,........0..........(....(.....r...p... .....r...p..(......o......(.....o.......((.........s......[o......s....%.o........o).......s*..........s"......i.l...........io+.....(.........o,.........,...o'......*.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):953
                                                                                                                                                                                                                                        Entropy (8bit):4.9874198404771155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JduPF7NhOXrRH2/dVxlPH2/FVQ7uH2/F9y:327O7RgdjdgFSagFw
                                                                                                                                                                                                                                        MD5:8C9F9547ABA4CD154FAA858695986C4E
                                                                                                                                                                                                                                        SHA1:667630B8AEA31C20C20EE569983B73028F0DBA21
                                                                                                                                                                                                                                        SHA-256:7DE06E53089587194D3669B5F2050B363CC2AC1BC66F0537EC4D7AD94357D46F
                                                                                                                                                                                                                                        SHA-512:C305E923A197E2C39813D423FE50D94F183E932BCC66DBEE5667AD7F4083254D50510E35ED3603555FEB4C42F580C8A1FA3D1568CC7305D22B79AB406607F836
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTray.exe (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):351272
                                                                                                                                                                                                                                        Entropy (8bit):2.9077205572565528
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:lGO21tSb/jb5aEH8VAynnnnnnnnnnnnnnn8XZH:lR5X
                                                                                                                                                                                                                                        MD5:5A59A3D00878BC0F1F678AF81A0439DF
                                                                                                                                                                                                                                        SHA1:0FD59FB8A57A4965F5A28BB7C59E72A0A76761E2
                                                                                                                                                                                                                                        SHA-256:6FC476950C00E8ADC245F58ADF9EE1E2C17DD34F1AA004285148F85CE651BDA6
                                                                                                                                                                                                                                        SHA-512:0512DBA7A45310D40415023DB3BC081E17636B7E3DE06D06EBE841EB0877B302BE67354B825C8F2E50FEDA34458E807D307A58E65BB7DF811CC9A4D2A81F5A5C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....M+g.........."...0......d........... ........@.. ....................................`.....................................O........a...........4..((........................................................... ............... ..H............text........ ...................... ..`.rsrc....a.......b..................@..@.reloc...............2..............@..B........................H........*..h&..........(Q..`............................................0............,t.....r...p(....-..r...p(....-..r...p(....-)+G(....(.....p...(....,.(....+*(.....X...(......,..(.... ....(....+..8...s.........(.... ....`(.......(....rA..p(....rQ..p.%-.&.+.o....(....(......r]..pry..p(....( ...(....,......(....,......(!....("...(#....o$..........s%...(&...(....%(....('...r]..pr...p(....( ...((...s)........~....(*...r]..pr...p(....( ...((....C..r...p(....(+...((...(....rA..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTray.exe.config (copy)

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1786
                                                                                                                                                                                                                                        Entropy (8bit):4.998101412964689
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3sIk7O7RgdjdgFSagFgg+msg+w3Zg+wBw:8TizwzH
                                                                                                                                                                                                                                        MD5:DACBD4EDD0163701F63ADA3E81D8540E
                                                                                                                                                                                                                                        SHA1:219647896B3575AA8A07E2903D50304919C27CA7
                                                                                                                                                                                                                                        SHA-256:DF0FBC7B2A5449681549C81B7EB77B2CE8D3C0C62244C39442A73A0291124BCB
                                                                                                                                                                                                                                        SHA-512:5C725DEE661DF9FFE6D3723606FAF98F0B16094DAFC011CDE062436B351671E952A2C6CFA218E08785DBC2E69E97EC8218E1447683C1450C5BF9CCDC75C2EA73
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):351272
                                                                                                                                                                                                                                        Entropy (8bit):2.9077205572565528
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:lGO21tSb/jb5aEH8VAynnnnnnnnnnnnnnn8XZH:lR5X
                                                                                                                                                                                                                                        MD5:5A59A3D00878BC0F1F678AF81A0439DF
                                                                                                                                                                                                                                        SHA1:0FD59FB8A57A4965F5A28BB7C59E72A0A76761E2
                                                                                                                                                                                                                                        SHA-256:6FC476950C00E8ADC245F58ADF9EE1E2C17DD34F1AA004285148F85CE651BDA6
                                                                                                                                                                                                                                        SHA-512:0512DBA7A45310D40415023DB3BC081E17636B7E3DE06D06EBE841EB0877B302BE67354B825C8F2E50FEDA34458E807D307A58E65BB7DF811CC9A4D2A81F5A5C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....M+g.........."...0......d........... ........@.. ....................................`.....................................O........a...........4..((........................................................... ............... ..H............text........ ...................... ..`.rsrc....a.......b..................@..@.reloc...............2..............@..B........................H........*..h&..........(Q..`............................................0............,t.....r...p(....-..r...p(....-..r...p(....-)+G(....(.....p...(....,.(....+*(.....X...(......,..(.... ....(....+..8...s.........(.... ....`(.......(....rA..p(....rQ..p.%-.&.+.o....(....(......r]..pry..p(....( ...(....,......(....,......(!....("...(#....o$..........s%...(&...(....%(....('...r]..pr...p(....( ...((...s)........~....(*...r]..pr...p(....( ...((....C..r...p(....(+...((...(....rA..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1786
                                                                                                                                                                                                                                        Entropy (8bit):4.998101412964689
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:3sIk7O7RgdjdgFSagFgg+msg+w3Zg+wBw:8TizwzH
                                                                                                                                                                                                                                        MD5:DACBD4EDD0163701F63ADA3E81D8540E
                                                                                                                                                                                                                                        SHA1:219647896B3575AA8A07E2903D50304919C27CA7
                                                                                                                                                                                                                                        SHA-256:DF0FBC7B2A5449681549C81B7EB77B2CE8D3C0C62244C39442A73A0291124BCB
                                                                                                                                                                                                                                        SHA-512:5C725DEE661DF9FFE6D3723606FAF98F0B16094DAFC011CDE062436B351671E952A2C6CFA218E08785DBC2E69E97EC8218E1447683C1450C5BF9CCDC75C2EA73
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):59944
                                                                                                                                                                                                                                        Entropy (8bit):6.130879435815544
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:f6O442hHI1kIHLxnuFjBm+UuLcxVePk+CXVT+rB9ezGREpYi60cB:f6O4JuxnT+UuLMcBClyrvGGa76HB
                                                                                                                                                                                                                                        MD5:59864C477F3C1F03DEAD4ABC720F6E17
                                                                                                                                                                                                                                        SHA1:31187ED10389FB0758491719F1FD49A1DAA9961A
                                                                                                                                                                                                                                        SHA-256:F192BF7246AB25C5E6279CFBDA87EF7F187F43E15102F9FEDBCDD64F22A1914F
                                                                                                                                                                                                                                        SHA-512:621FB602D6CA323B224E726E8ECC294BEC2E57D2B8B693CA622A9A3D988EF8A97D6DFFC98C3C2D1F2A22E218BB7E54F409087C75D456B5B5DBC57298A964F82D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ....................... ............`.................................m...O.......................((..............8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........X..0.............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..s....}.....s....}.....(......o8...(...+}....*..0...........{....o.....8......(.....s.......}E.....u....}D....{D...,........s....(....&+ms.......}G.....u....}F....{F...,........s....(....&+8s.........}I......u....}H.....{H...,.........s....(....&..(....:J.............o.....*.................0..I........{....o.....{....o.....+...(

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1191
                                                                                                                                                                                                                                        Entropy (8bit):4.971943087661362
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JduPF7NhOXrRH2/dVQ7uH2/FVxlPH2/FV0PH2/+w39y:327O7RgdSagFjdgFsg+w3w
                                                                                                                                                                                                                                        MD5:B8E88B1C181AFEB535BFEA1155000E8E
                                                                                                                                                                                                                                        SHA1:EB9066E96542DCE5F35DBF2F1424FD79ACEBB65F
                                                                                                                                                                                                                                        SHA-256:5D094CC46FED5173A2B1BE4C8E5DBDB658D2C14ABD367C47DFC6F6EABD5F295C
                                                                                                                                                                                                                                        SHA-512:58459651D3358FDDD4114AB569786A2306338C08D27D3D449BE2084EAE9D4A619C5650D3699DCA6702AEFDE8F9E77FD9E56C87EF51D4A8CCB2A22A378C488C37
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\log.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1006
                                                                                                                                                                                                                                        Entropy (8bit):5.216607041955001
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:GOSHCniIqr4CaniIYpSVGYSEuhdrC7U4APUrB:VSHoiKhiJwVGDEmOUxgB
                                                                                                                                                                                                                                        MD5:FC1B0C84BF9119A0C26D501E1B8C79F2
                                                                                                                                                                                                                                        SHA1:769522C2B8A7218E2D8337DEE96C8CF9657E50C5
                                                                                                                                                                                                                                        SHA-256:980ABF11709BC92BD42C29C3AF4C892BCB36989E28A17534EDDF3FD2BC6B8311
                                                                                                                                                                                                                                        SHA-512:888AC28B54C08E9D31FA8571E727F11A2E8790E0AC79C605B75AD3A6FF595F5B95933AA636B5D7FCC7DA08C9C9F66994415D0F6168A36E15F919A158B1D5F1AD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..10/11/2024 12:48:04 Problem: Failed to extract path: .. Exception: System.IO.FileNotFoundException: Could not load file or assembly 'ICSharpCode.SharpZipLib, Version=1.3.3.11, Culture=neutral, PublicKeyToken=1b03e6acf1164f73' or one of its dependencies. The system cannot find the file specified...File name: 'ICSharpCode.SharpZipLib, Version=1.3.3.11, Culture=neutral, PublicKeyToken=1b03e6acf1164f73'.. at TicketingPackageExtensions.DownloadAndUnzipNuget.ExtractZipFile(MemoryStream archiveFileStream, String password, String targetPath).. at TicketingPackageExtensions.DownloadAndUnzipNuget.RunSync(List`1 downloadRepos, String targetPath)....WRN: Assembly binding logging is turned OFF...To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1...Note: There is some performance penalty associated with assembly bind failure logging...To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableL

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\t2tWinFormAppBarLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):23080
                                                                                                                                                                                                                                        Entropy (8bit):6.496637771650592
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:4LOGTOwM15TRwLm6or29Nyb8E9VF6IYijSJIVxyyqT:4nMTR0Pa25EpYi60q
                                                                                                                                                                                                                                        MD5:BD64C182A6328A0447CEB7B95594CD03
                                                                                                                                                                                                                                        SHA1:7CC8D0CD30F18DB3F6DF653C09ED84E772E154CF
                                                                                                                                                                                                                                        SHA-256:409F42114C6E8C2CA2A0CBEB381BC5FECEE8F874100069062779EAC0E1F026B7
                                                                                                                                                                                                                                        SHA-512:BB02105BB595FF185D0DC46716717209C3A033534FB297B930919AE761D0F2288292E0730CAB41B903347BBEB72B3EE6D0A3B743F3EF12A208654F506409354A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\.\.........." ..0..(...........G... ...`....... ..............................8J....`..................................F..O....`..L............2..((...........E............................................... ............... ..H............text...4'... ...(.................. ..`.rsrc...L....`.......*..............@..@.reloc...............0..............@..B.................G......H........)..$............................................................~....*.......**...(.....*...0...........~.....o......,..~.....o......+i.s(...%.o.....%.o.....%.o.....%.o.....%.o....o ....%.o....o"....%.o....o$....%.o....o&.....~......o........+..*..0............(.......o....o.......o%...o................o!......(....}.......o!......(....}.......o!......(.....o#.......(....X}.......o!......(.....o#.......(....X}..............s..........%..o.....#....%........o ...&*...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x64\SQLite.Interop.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1817640
                                                                                                                                                                                                                                        Entropy (8bit):6.5513719499124194
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:x9EeNSPwEW3cFSI4Tfm3hvbHsjAJcAMkPn:x9Nzm31PMon
                                                                                                                                                                                                                                        MD5:05340978B996457954B18B985C27B353
                                                                                                                                                                                                                                        SHA1:00C6DA1D707F3A892549023DD7E6A9E702ADA7B6
                                                                                                                                                                                                                                        SHA-256:B2C723A9EA911B88BBE1EF2F3B51DBB156E4F525DEA7294EDB24B3D05E31560C
                                                                                                                                                                                                                                        SHA-512:0D9F688708BADE4E6B0B282A3ECED8B9EC2EF9717D0B36DD8214B207C631C75BF902C9FB247AEF6E1496EC48CD63DA4E9D006634A7D1B58ACA6A6FC97010B0B4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........nN\.. ... ... .Q..... .Q...e. .Q..... ..Q#... ..Q%... ..Q$... .8..... ..].... ...!.~. .rQ(... .rQ ... .wQ.... .rQ"... .Rich.. .........................PE..d.....d.........." ................................................................j.....`.................................................P...x................!......((...........@..p............................A...............................................text...0........................... ..`.rdata...1.......2..................@..@.data....`... ...J..................@....pdata...!......."...P..............@..@.gfids...............r..............@..@.rsrc................t..............@..@.reloc...............~..............@..B................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x86\SQLite.Interop.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1436200
                                                                                                                                                                                                                                        Entropy (8bit):6.7813386810105865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:Vs5ThI+vIjDEzn7tcBGtYnxLbdVlRdouD5RawYkGq78Yr4i9YE1tOvhefHXCvEs3:AlI+vIjE7mjOuKa8Riy+gvhaIn2+0U
                                                                                                                                                                                                                                        MD5:64495CDE32937D4E290475D65956A4C9
                                                                                                                                                                                                                                        SHA1:B51B42D7FB5185928069F22C70C1303037F11D3C
                                                                                                                                                                                                                                        SHA-256:AC66BC7D48BEDE595CD8D60395B622B6971A21809D7AE9828B3B32477E6049D9
                                                                                                                                                                                                                                        SHA-512:CD0C009C898F36D6574CF19F7B64321C8D312A6B62586DAE90B4CFBFB88B963A4BEB0218119225B2B270CCB28318F87E26880BB2A3FFE838A69AF57F6DB096BB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v..{2..(2..(2..(.*W(...(.*U(...(.*T(...(..)%..(..)'..(..)=..(.Im(:..(,.5(1..(2..(...(..)3..(..)3..(..Y(3..(..)3..(Rich2..(........PE..L.....d...........!.....f...X............................................................@.........................P...t.......x....`..................((...p..X...@...p...............................@...............H............................text....d.......f.................. ..`.rdata..............j..............@..@.data....8.......,..................@....gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc..X....p.......2..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):583489
                                                                                                                                                                                                                                        Entropy (8bit):7.99944408666799
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:12288:CLLJGMlifhYeKrN8qSQDqPVK04BwQjtVcUf7DmZMilOugjC6w:GwfhYeKraZQDqPY0E/4Uf7owugjm
                                                                                                                                                                                                                                        MD5:9614D1DA18956DE06747C03068208D66
                                                                                                                                                                                                                                        SHA1:FEA2680DDB9E4CEEA8489A132DF9A1542FEBFE88
                                                                                                                                                                                                                                        SHA-256:DDE9E0CA3FD274902F1A4C22CFEC6870C6C4DBBCCAD17D2189477AB60F769DAB
                                                                                                                                                                                                                                        SHA-512:D8E46A5819E9DCED61471966646DE153BF3480933054C50190D50DE4900685265367B12C9147630F184CE8809786FC010BF6FCD1884035FB4C77CFDE660A8B9D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:PK..-......q1Y............5...AgentPackageUpgradeAgent/AgentPackageUpgradeAgent.exe....0........d.......o.H..:|p^xA......v.g.J..r:.....@..Q..H..^"]....G..... |...o.<?%....#".....3_s....c..JN.j..Vg_.....$...".,=T.=..5.b.U-..5..7"..H.....9462.._.Mb.e....&.cJ.+!:.....7H]p..#..()6~..0...|8..\......~.D..M.R..Y-[.efI...O..3..\.D.O.V."..0....l.....~.zdP.Hh.r.^R.z5 .=b.....%.X....(..E..T].'bk..ir...V...|.M....=...<..e...5... ...V./.....,....{..-.xa..s.}.e.{........y.%.LY^..HnIp.;....+.Gy.. .Z..e2.bxOy.._...L..g.F.{.C.....9......T.^.I.........NK4.a..4...cf<..@.GI..q..L7.]..f.g[.......E|{x...1....E...8..!.u..g..^%....Y.5^..|...H.....&hQ..E..i(:.6.............)A...Q=..).l..bs#5......./..Q.3..8.-......f@WV.d]i".{d[..v.p.l+.WO.]L...x<....rz#.*i......!.-.F*.:\9.%.cI.Y...=..f.\....9?.v,..}<../<c...U..C._o....'. .;..$,.. .Y......z..m.........#t.<..i..s....u...D..}5O..5O......j..O.../.%8.p.5...@....M....[rG...L.o...J2..<rS...[i<....})}....[x.....v^..=.su....Oy@g....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):55344
                                                                                                                                                                                                                                        Entropy (8bit):5.801614737823664
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:R4DgbepEIgcvDiMd+R5B153ieGuftxw5dfiGoxkEpYinAMxCN4:Rr4EIgcxdQdGuftxw5dfiZd7Hxe4
                                                                                                                                                                                                                                        MD5:D11B2139D29E79D795054C3866898B7F
                                                                                                                                                                                                                                        SHA1:020581C77ED4BC01C3F3912F304A46C12CA443E6
                                                                                                                                                                                                                                        SHA-256:11CDB5EC172389F93F80D8EFF0B9E5D4A98CFEAB6F2C0E0BC301A6895A747566
                                                                                                                                                                                                                                        SHA-512:DE5DEF2EFCBA83A4B9301DD342391C306CF68D0BB64104839DFC329B343544FD40597A2B9867FD2A8739C63081D74157ACFC9B59C0CB4878B2F5155F582A6F09
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r..f.........."...0.................. ........@.. ....................... .......M....`.................................h...O.......x...............0(..........0................................................ ............... ..H............text........ ...................... ..`.rsrc...x...........................@..@.reloc..............................@..B........................H.......pR...n...........................................................0..Y........o.......+C......o......r...p.o....t)...r...p(....,.........,..o.......&....X....i2..*..*...........$;..........8G.......0..#.......~....r/..po.......(....}.....{....(....,.rw..ps....z..{....o......r...p.o.......r...p.o....t)...}.....{.....(....,..r...p..o......}......}.....r...po.......r...p.o....t)...}.....{.....(....,..r...p..o......}......}.......,..o.........5.,..o......,..o......,..o....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):535
                                                                                                                                                                                                                                        Entropy (8bit):5.076084597400077
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:MMHdG3VO3rdZRLNFF7ap+5v5OXrRf/2//FicYo4xm:JdfrdDPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                        MD5:D505E3DE03F172FA2B246E210054C5F7
                                                                                                                                                                                                                                        SHA1:F5A480F56F760EEBA3B29108387E54D70A721127
                                                                                                                                                                                                                                        SHA-256:A568F933F09B1AD1EE5E88DDCFFA1FE5921D18B73477136E1FAEE55F2BEF399A
                                                                                                                                                                                                                                        SHA-512:80F01447B43525DBDF5B283522FE14D9AECEF16E55EA3FE36DC0A94B53C49E03BB56136F0911C348FB78FB5AF6112B1DE7C38CBFFBD73ACB2971655EF1B2B859
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.ini

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12
                                                                                                                                                                                                                                        Entropy (8bit):3.418295834054489
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:WhXSjn:WBa
                                                                                                                                                                                                                                        MD5:7E9C5492C1485A2AE94A108F6FFEEA95
                                                                                                                                                                                                                                        SHA1:F00A6A35F3D41AFF9ED2C028C26D918EEF06B715
                                                                                                                                                                                                                                        SHA-256:04CA73099B2058974220319A7CC3E156AE24AFA13B28F340E8D97B021D1BBC95
                                                                                                                                                                                                                                        SHA-512:191B4297645813DD163611547EC2708BD6678E535429FC4D771472BC185C887CAF24FAAA7F1DCF78577739E3D06387A756A11193C68918DDF47D21328CA1E4DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:version=27.2

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):96816
                                                                                                                                                                                                                                        Entropy (8bit):6.179944898759355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:XJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxwm:XQUm2H5KTfOLgxFJjE50vksVUfPvCz
                                                                                                                                                                                                                                        MD5:9A344D6A16A6FEF791701FC52FA722A2
                                                                                                                                                                                                                                        SHA1:7F1CEF75650CA626D79F7F15818851A9C297F65E
                                                                                                                                                                                                                                        SHA-256:80890B7E8F3CC557A87BB1F84C7C30CA9B08B3F8AA68184D99439305EF91388E
                                                                                                                                                                                                                                        SHA-512:93ED10309A2EA138FE31BE55F82627290DDA0F8B7AEA63A54D97BB6EF2985BCC0449FCCC288DEF154D9F3318FB4DA9CAC3FBB4727986997DD1CDD5C97541139E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0.d.........." ..0..H..........zf... ........... ....................................`.................................(f..O.......8............R..0(...........d............................................... ............... ..H............text....F... ...H.................. ..`.rsrc...8............J..............@..@.reloc...............P..............@..B................\f......H........k..D............................................................0..>.......~........o....~......(....&.s.......&...~....(....,..(....&..*...........$...........'........(....*.......*.0..4.......(....o....r...p(....r...p(..........(....(......&..*........00......:.(......}....*..0..Z............( ...,......(!...*~..........("........( ...-..(....s#...........,..($.........(!...*..........&E.......0..G........{....,.(......5~%...r'..po&...rm..pr...po'...tR...r...p((..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Deployment.WindowsInstaller.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):186416
                                                                                                                                                                                                                                        Entropy (8bit):5.934478472448458
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:6kfZS7FUguxN+77b1W5GR69UgoCaf8/BCnfKlRUjW01KyFes:0+c7b1W4R6joxfQ8p
                                                                                                                                                                                                                                        MD5:A68241D6E026F218B259FD2CE8F744C0
                                                                                                                                                                                                                                        SHA1:DEA3F011BBC728DB750A054CCF3C5FDFE583EB91
                                                                                                                                                                                                                                        SHA-256:B0F5B75176B338F03AF4BB287259F36167D86C7A6EF128FE021B7401854F2362
                                                                                                                                                                                                                                        SHA-512:1CBFA69C0F75ADAC4C61A84A803201E1897B2A24E50570C44048C6DDAB57A03A1DEBEE04671A8F1FE83745ECD8A91447A4E4E10611811A8B136B3B2016EAD119
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&..Z.........." ..0...... ......~.... ........... ...............................P....@.................................,...O.......................0(........................................................... ............... ..H............text....w... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):331824
                                                                                                                                                                                                                                        Entropy (8bit):6.168966743027853
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:KBhhiUWKJzPZNRntAXIjxs2f5Jg53XWlvidurmdIq8KmefViYkJTVBXi3VaKtNTe:KDMUWITZznu85k8Wdn8KmCjIFi3VvC
                                                                                                                                                                                                                                        MD5:DE6B588BD13AFFC760EE32D105C77A21
                                                                                                                                                                                                                                        SHA1:F9D20F683938F0347F0C2782D0E05FCFA143CEE1
                                                                                                                                                                                                                                        SHA-256:07762DCF4082B9A14BEC37573058015F03D26B46B9A6B7B0C0E66402CBE256F1
                                                                                                                                                                                                                                        SHA-512:6D0947E89ED1BF942C6BB93309BDD45B83FD92A3B8D0C4E3265A581DB9318B88187BDE5A58CFB5EE3A7BFE48167D4438B85D9FF03283C73A97B1C6022FE7CBCE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@...........@.....................................O.......................0(... ..........T............................................ ............... ..H............text...<.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H............9..............H.............................................{....*..{....*V.(......}......}....*...0..A........u3.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. ..<. )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q6....6...-.&.+...6...o.....%..{.......%q7....7...-.&.+...7...o.....(....*..{....*..{....*..{....*r.(......}......}......}....*..0..Y........u8.......L.,G(.....{.....{....o....,/(.....{.....{....o....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.9607419702126485
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:cBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUZ:cBjk38WuBcAbwoA/BkjSHXP36RMGw
                                                                                                                                                                                                                                        MD5:C2EBB296A9B097C4BC36018341C2F514
                                                                                                                                                                                                                                        SHA1:55B79CCD4F93AC6EF3AE6E2AD858DE5F23516EC9
                                                                                                                                                                                                                                        SHA-256:3CFB2C5E1947565F0795FCF5C0587B8F021842D52E79A40F25070BCABCE48089
                                                                                                                                                                                                                                        SHA-512:BF95FA3B93A25E040D3521BF8436BBA505D09F659360C0606F259607083D9C4F1366683CFE0215D4F13CE875E753B12F1DE058A3D0CBB84C3948644D0E7BDEEB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... ....../t....`....................................O.......................0(.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\System.Management.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):55856
                                                                                                                                                                                                                                        Entropy (8bit):6.2394409505734165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:rREoc0f5k1KlLoz0WOySMEpnSO7iX16UJKdiYpBEpYinAMxCWLa:rR8+5k15z0WBZEtgwJq7Hx3u
                                                                                                                                                                                                                                        MD5:89D62604A1CA22A2F8FFD987B543D38E
                                                                                                                                                                                                                                        SHA1:64D7D345821AA76971BB9EF71CE731CCD9BFAC32
                                                                                                                                                                                                                                        SHA-256:80D4A38A5C0F117AFC7FC74A3F2DA39259BDD980BBA85687FF2019C8262E171D
                                                                                                                                                                                                                                        SHA-512:1173C7AFE2719EF324342A6D3EA459319533843CFE8A04CDC63FCF3D8A2D6DC4BB537FC1A4DBA63F585EB11F3E16FB2F17C53BC64BC7318A52B44266A3A9A56E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....<V.........." ..0.................. .........c. ....................... .......e....`.................................P...O.......H...............0(........................................................... ............... ..H............text........ ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B........................H........".................."..P............................................................................................0.......................0.......................................................................................0...............0...................................................................................................0...............0...................................................0...............0..........................................

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):602672
                                                                                                                                                                                                                                        Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                        MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                        SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                        SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                        SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............." ..0............." ... ...@....... ....................................`.....................................O....@..|...............0(...`..........T............................................ ............... ..H............text...(.... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B................. ......H............{..................x.......................................r.(......}......}......}....*....0..,........-..{.....o...+.+..{.....{....s.....o...+..*V.(......}......}....*...0...................-..+..o....s"........o$......o,....,..o....,...,....o(........,...oH...,...o......+.......9......o....,..{......o....o....o......s..........o&...8.....{......o....o........9e.....o.....?X.....r...po....9G.....r...po....o....r...p.( ...9&.....r...po....9......r...po....o.....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73264
                                                                                                                                                                                                                                        Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                        MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                        SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                        SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                        SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0.................. ... ....... .......................`.......f....@.....................................O.... ..P...............0(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H.......$...h...........................................................6..o.........*f..o...........o.........*...o...........o...........o.........*...o...........o ..........o!...........o"........*...o#..........o$..........o%...........o&...........o'........*....0..L.........o(..........o)..........o*...........o+...........o,...........o-........*.0..Y.........o...........o/..........o0...........o1...........o2...........o3...........o4.... ...*....0..k.........o5....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1213
                                                                                                                                                                                                                                        Entropy (8bit):4.851494694474147
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhM3VhjwLUVhzVhM3VhmxD6JSrdpW:JXzXOXTHIKKKOXzXOXnXzXOXmt6srdpW
                                                                                                                                                                                                                                        MD5:3840B31C383FDF49BFD6740D945C9032
                                                                                                                                                                                                                                        SHA1:A6F50164A69718BCEF4664D7C47534F0D721866A
                                                                                                                                                                                                                                        SHA-256:1F119F4FDA8028B420E70EE1637C65E2B4198B41EB3EB44D911AFA6F1A0BBC64
                                                                                                                                                                                                                                        SHA-512:F5315421D4BC5F08FEF4E1449E5799DDF311F08EDA317A9EAAD8C88C2E7B7C26182BD586C0221FFE5F4112E5D6E05F5D45D2D0382B0ED51CA25AA94D4D95A84D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Uninstalling assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program File

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallState

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7466
                                                                                                                                                                                                                                        Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                        MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                        SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                        SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                        SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):145968
                                                                                                                                                                                                                                        Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                        MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                        SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                        SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                        SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..e.........."...0.............f$... ...@....@.. ...............................1....`..................................$..O....@..,...............0(...`......."............................................... ............... ..H............text...|.... ...................... ..`.rsrc...,....@......................@..@.reloc.......`......................@..B................H$......H.......(...D4..........l!..p.............................................{....*.0..N........~......,.~.....+:(.......~....(........(....#.......@....,.(.....+.~.....+..*...0..;........(.......(.....1.(.......(........+....,.~.....+.~.....+..*..0..6........~....%-.&~..........s....%.....s ......o!.....o"....*...0..O........(...........~#...r...po$..........,..rG..ps%...z.rO..p.....(&....~.....o'....*..0..>........~#...r...po(............,'.~#...r...po$............,.rG..ps%...

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1442
                                                                                                                                                                                                                                        Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                        MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                        SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                        SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                        SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\BouncyCastle.Crypto.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3318832
                                                                                                                                                                                                                                        Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                        MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                        SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                        SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                        SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R............" ..0..r2..........&1.. ....2...... ........................2.....i.3...@.................................G&1.O.....2..............|2.0(....2.....X.(.p............................................ ............... ..H............text....p2.. ...r2................. ..`.rsrc.........2......t2.............@..@.reloc........2......z2.............@..B................{&1.....H...........$....................(.....................................V!........s.........*.~....-*(....o....o....o.........~....-.~.........~....*..( ...*...0..G.......(!....o"....s.1....s*,..%..(.... ....o.....o 0...Zo....t....o8(..(....*..0..$..........(.....(....o.....(!.......io#...*z...(....(!....o"...o....(....*..0............T....r...p.(O....o$....(....*..0..I.......sG...sB)..s.(..s.(...(....s6(....,..o%....2...(....sV(....+.....%..ox...*..( ...*V.(&.....}......}..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\ICSharpCode.SharpZipLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):215088
                                                                                                                                                                                                                                        Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                        MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                        SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                        SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                        SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0..............'... ...@....... ....................................`..................................'..O....@..t............ ..0(...`.......&..T............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................'......H........... ...................$&........................................( ...*"..(!...*&...("...*&...(#...*2.r...p(....*"..(....*&...(....*&...(....*2.rE..p(....*"..(....*&...(....*&...(....*2.r...p(....*"..(....*&...(....*&...(....*J..r...p($...(....*v....(%.....(%.....(%...(....*....L...%...%.r...p.%...%.r...p.%....%.r+..p.%...(&...(....*..(....*&...(....*&...(....*.0..)........{.........('...t......|......(...+...3.*....0..)........{.........()...t......|......(...+...3.

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                        MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                        SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                        SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                        SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ......J.....`.....................................O.......................0(.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Pubnub.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):602672
                                                                                                                                                                                                                                        Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                        MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                        SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                        SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                        SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............." ..0............." ... ...@....... ....................................`.....................................O....@..|...............0(...`..........T............................................ ............... ..H............text...(.... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B................. ......H............{..................x.......................................r.(......}......}......}....*....0..,........-..{.....o...+.+..{.....{....s.....o...+..*V.(......}......}....*...0...................-..+..o....s"........o$......o,....,..o....,...,....o(........,...oH...,...o......+.......9......o....,..{......o....o....o......s..........o&...8.....{......o....o........9e.....o.....?X.....r...po....9G.....r...po....o....r...p.( ...9&.....r...po....9......r...po....o.....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\System.ValueTuple.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73264
                                                                                                                                                                                                                                        Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                        MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                        SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                        SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                        SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0.................. ... ....... .......................`.......f....@.....................................O.... ..P...............0(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H.......$...h...........................................................6..o.........*f..o...........o.........*...o...........o...........o.........*...o...........o ..........o!...........o"........*...o#..........o$..........o%...........o&...........o'........*....0..L.........o(..........o)..........o*...........o+...........o,...........o-........*.0..Y.........o...........o/..........o0...........o1...........o2...........o3...........o4.... ...*....0..k.........o5....

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\log.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):252
                                                                                                                                                                                                                                        Entropy (8bit):5.180369109105496
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:A0TJSi9LlJLKFKui9wqWluiKFHnFSLRg42VVWy/RKxBn+5LsSFeLKKQGg2D2Gdnh:AiS8Lq89w3pKFSQoy/Ry9XpzQgDnn1DX
                                                                                                                                                                                                                                        MD5:665E12D8128D73D0C7753CD6B8E9F2EB
                                                                                                                                                                                                                                        SHA1:8136230B34854B7F9D88F75029769346F6FFD4D7
                                                                                                                                                                                                                                        SHA-256:9F0DDF2D31B84F2DF95521B1D420145834C787FFE329EC8F8171BF406E8EFEAA
                                                                                                                                                                                                                                        SHA-512:76EA5E9CBD858B37F7F17A6493CE1C6701BF6FE7AC0DE3A87EFCFC147AC69EDA945FCF3913C0B6585B27CCEB811B42593B963918BE7F378CCEC3AF7B03B2653D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/i /IntegratorLogin=gratefullytatum@gmail.com /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000MveCAIAZ /AgentId=efdd2c58-d53a-48e0-bd64-b73430c78939.08/11/2024 07:38:20 Trace Starting..08/11/2024 07:38:42 Trace Starting..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\inprocmessaging\trayProcessMessages.json

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):178
                                                                                                                                                                                                                                        Entropy (8bit):5.297229986157016
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:5PbTsP0x7OVUrtr9q8fSgNpUgMHDxYQNCPo/Ps548gOmc7JP/VD2DZHeGyphiSDP:RbTgVUxrU86g0gMHDLVPOkOm4HYDKiwP
                                                                                                                                                                                                                                        MD5:F9C6D59900F20059A28250C2BC585336
                                                                                                                                                                                                                                        SHA1:419A8291B188073E4D4E7D9DF995148E285727E1
                                                                                                                                                                                                                                        SHA-256:DD09F8E1646CFDD6D59A70A657F74D3541FEF725365EAD51AB73A9B3F082F1BA
                                                                                                                                                                                                                                        SHA-512:67B44531BD85BFCC7A942DAF031A739A19DF0DC5C0168C01BF7DC585B796FFDC776CCC3C777E46B3366E65A128382C488EF644F185250B436E8E9570FD0ABAAA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:eyJJZCI6IjQ1MGQ3OGMzLWY3MmEtNDY3NS05MGZjLTI4YzFmNDZkMmY5MyIsIkNyZWF0ZWQiOiIyMDI0LTExLTA4VDA3OjM5OjI2LjkzMDE1Mi0wNTowMCIsIk1lc3NhZ2UiOiJfSU5JVF8iLCJUaW1lb3V0IjoiMDA6MDE6MDAifQ==..

                                                                                                                                                                                                                                        C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):252
                                                                                                                                                                                                                                        Entropy (8bit):5.180369109105496
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:A0TJSi9LlJLKFKui9wqWluiKFHnFSLRg42VVWy/RKxBn+5LsSFeLKKQGg2D2Gdnh:AiS8Lq89w3pKFSQoy/Ry9XpzQgDnn1DX
                                                                                                                                                                                                                                        MD5:665E12D8128D73D0C7753CD6B8E9F2EB
                                                                                                                                                                                                                                        SHA1:8136230B34854B7F9D88F75029769346F6FFD4D7
                                                                                                                                                                                                                                        SHA-256:9F0DDF2D31B84F2DF95521B1D420145834C787FFE329EC8F8171BF406E8EFEAA
                                                                                                                                                                                                                                        SHA-512:76EA5E9CBD858B37F7F17A6493CE1C6701BF6FE7AC0DE3A87EFCFC147AC69EDA945FCF3913C0B6585B27CCEB811B42593B963918BE7F378CCEC3AF7B03B2653D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:/i /IntegratorLogin=gratefullytatum@gmail.com /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000MveCAIAZ /AgentId=efdd2c58-d53a-48e0-bd64-b73430c78939.08/11/2024 07:38:20 Trace Starting..08/11/2024 07:38:42 Trace Starting..

                                                                                                                                                                                                                                        C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):145968
                                                                                                                                                                                                                                        Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                        MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                        SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                        SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                        SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..e.........."...0.............f$... ...@....@.. ...............................1....`..................................$..O....@..,...............0(...`......."............................................... ............... ..H............text...|.... ...................... ..`.rsrc...,....@......................@..@.reloc.......`......................@..B................H$......H.......(...D4..........l!..p.............................................{....*.0..N........~......,.~.....+:(.......~....(........(....#.......@....,.(.....+.~.....+..*...0..;........(.......(.....1.(.......(........+....,.~.....+.~.....+..*..0..6........~....%-.&~..........s....%.....s ......o!.....o"....*...0..O........(...........~#...r...po$..........,..rG..ps%...z.rO..p.....(&....~.....o'....*..0..>........~#...r...po(............,'.~#...r...po$............,.rG..ps%...

                                                                                                                                                                                                                                        C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1442
                                                                                                                                                                                                                                        Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                        MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                        SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                        SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                        SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86

                                                                                                                                                                                                                                        C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3318832
                                                                                                                                                                                                                                        Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                        MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                        SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                        SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                        SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R............" ..0..r2..........&1.. ....2...... ........................2.....i.3...@.................................G&1.O.....2..............|2.0(....2.....X.(.p............................................ ............... ..H............text....p2.. ...r2................. ..`.rsrc.........2......t2.............@..@.reloc........2......z2.............@..B................{&1.....H...........$....................(.....................................V!........s.........*.~....-*(....o....o....o.........~....-.~.........~....*..( ...*...0..G.......(!....o"....s.1....s*,..%..(.... ....o.....o 0...Zo....t....o8(..(....*..0..$..........(.....(....o.....(!.......io#...*z...(....(!....o"...o....(....*..0............T....r...p.(O....o$....(....*..0..I.......sG...sB)..s.(..s.(...(....s6(....,..o%....2...(....sV(....+.....%..ox...*..( ...*V.(&.....}......}..

                                                                                                                                                                                                                                        C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):215088
                                                                                                                                                                                                                                        Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                        MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                        SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                        SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                        SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0..............'... ...@....... ....................................`..................................'..O....@..t............ ..0(...`.......&..T............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................'......H........... ...................$&........................................( ...*"..(!...*&...("...*&...(#...*2.r...p(....*"..(....*&...(....*&...(....*2.rE..p(....*"..(....*&...(....*&...(....*2.r...p(....*"..(....*&...(....*&...(....*J..r...p($...(....*v....(%.....(%.....(%...(....*....L...%...%.r...p.%...%.r...p.%....%.r+..p.%...(&...(....*..(....*&...(....*&...(....*.0..)........{.........('...t......|......(...+...3.*....0..)........{.........()...t......|......(...+...3.

                                                                                                                                                                                                                                        C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):710192
                                                                                                                                                                                                                                        Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                        MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                        SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                        SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                        SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ......J.....`.....................................O.......................0(.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):602672
                                                                                                                                                                                                                                        Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                        MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                        SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                        SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                        SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............." ..0............." ... ...@....... ....................................`.....................................O....@..|...............0(...`..........T............................................ ............... ..H............text...(.... ...................... ..`.rsrc...|....@......................@..@.reloc.......`......................@..B................. ......H............{..................x.......................................r.(......}......}......}....*....0..,........-..{.....o...+.+..{.....{....s.....o...+..*V.(......}......}....*...0...................-..+..o....s"........o$......o,....,..o....,...,....o(........,...oH...,...o......+.......9......o....,..{......o....o....o......s..........o&...8.....{......o....o........9e.....o.....?X.....r...po....9G.....r...po....o....r...p.( ...9&.....r...po....9......r...po....o.....

                                                                                                                                                                                                                                        C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73264
                                                                                                                                                                                                                                        Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                        MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                        SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                        SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                        SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0.................. ... ....... .......................`.......f....@.....................................O.... ..P...............0(...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H.......$...h...........................................................6..o.........*f..o...........o.........*...o...........o...........o.........*...o...........o ..........o!...........o"........*...o#..........o$..........o%...........o&...........o'........*....0..L.........o(..........o)..........o*...........o+...........o,...........o-........*.0..Y.........o...........o/..........o0...........o1...........o2...........o3...........o4.... ...*....0..k.........o5....

                                                                                                                                                                                                                                        C:\Program Files\dotnet\LICENSE.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (514), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9519
                                                                                                                                                                                                                                        Entropy (8bit):4.902271147017698
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ydP0KvBLCqikR/EgGJLrlwD+eilNi5Py1SDeoDXDw9lF5OMz6Q:PWBuqikR/EDJLriwlNi5KI1Tw9lF5OjQ
                                                                                                                                                                                                                                        MD5:31C5A77B3C57C8C2E82B9541B00BCD5A
                                                                                                                                                                                                                                        SHA1:153D4BC14E3A2C1485006F1752E797CA8684D06D
                                                                                                                                                                                                                                        SHA-256:7F6839A61CE892B79C6549E2DC5A81FDBD240A0B260F8881216B45B7FDA8B45D
                                                                                                                                                                                                                                        SHA-512:AD33E3C0C3B060AD44C5B1B712C991B2D7042F6A60DC691C014D977C922A7E3A783BA9BADE1A34DE853C271FDE1FB75BC2C47869ACD863A40BE3A6C6D754C0A6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MICROSOFT SOFTWARE LICENSE TERMS..MICROSOFT .NET LIBRARY ..These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft.. * updates,.. * supplements,.. * Internet-based services, and.. * support services..for this software, unless other terms accompany those items. If so, those terms apply...BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE...IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE PERPETUAL RIGHTS BELOW...1. INSTALLATION AND USE RIGHTS. .. a. Installation and Use. You may install and use any number of copies of the software to design, develop and test your programs... b. Third Party Programs. The software may include third party programs that Microsoft, not the third party, licenses to you under this

                                                                                                                                                                                                                                        C:\Program Files\dotnet\ThirdPartyNotices.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (755), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):79954
                                                                                                                                                                                                                                        Entropy (8bit):5.2343129347468
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:HA9jHwQZGfgg39/zwgAVkguQXrDjugtSEGepkWvrpX7anuqdLS4mfiStPq+3Lefj:HA97wfogz1AVxuujHtSFULryLggrGRwJ
                                                                                                                                                                                                                                        MD5:F77A4AECFAF4640D801EB6DCDFDDC478
                                                                                                                                                                                                                                        SHA1:7424710F255F6205EF559E4D7E281A3B701183BB
                                                                                                                                                                                                                                        SHA-256:D5DB0ED54363E40717AE09E746DEC99AD5B09223CC1273BB870703176DD226B7
                                                                                                                                                                                                                                        SHA-512:1B729DFA561899980BA8B15128EA39BC1E609FE07B30B283001FD9CF9DA62885D78C18082D0085EDD81F09203F878549B48F7F888A8486A2A526B134C849FD6B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.NET Runtime uses third-party libraries or other resources that may be..distributed under licenses different than the .NET Runtime software.....In the event that we accidentally failed to list a required notice, please..bring it to our attention. Post an issue or email us:.... dotnet@microsoft.com....The attached notices are provided for information only.....License notice for ASP.NET..-------------------------------....Copyright (c) .NET Foundation. All rights reserved...Licensed under the Apache License, Version 2.0.....Available at..https://github.com/dotnet/aspnetcore/blob/main/LICENSE.txt....License notice for Slicing-by-8..-------------------------------....http://sourceforge.net/projects/slicing-by-8/....Copyright (c) 2004-2006 Intel Corporation - All Rights Reserved......This software program is licensed subject to the BSD License, available at..http://www.opensource.org/licenses/bsd-license.html.....License notice for Unicode data..-------------------------------...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\dotnet.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):139560
                                                                                                                                                                                                                                        Entropy (8bit):6.287749729909957
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:swmRQoZmiyYIRPEgufW6see/URLSpseL5AXboB0UD:swmRbZmiyAfClcRLSpfLyLu0g
                                                                                                                                                                                                                                        MD5:36D228BE5ED20ADCC78CE322462BB51F
                                                                                                                                                                                                                                        SHA1:075B139595D5A86D53F87E2C90F0E484C9A769C0
                                                                                                                                                                                                                                        SHA-256:9935A604779C42CC7FC4291A68EC1D6EE889B8CEC349630B1ED1EFEC0B79B1BE
                                                                                                                                                                                                                                        SHA-512:419744B62337B1DBAD22FC3D1238FE2CC2DD7CABFBAD79F14E05CE6C470189D8F0DA8E6C9C97AA6E86AFD8398BAA9B90DFDA0A295D61A2F7413A7ADC704B9A27
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8..}|...|...|...../p...../v.....//...u.).l...../y...|........./t.....E.}...../}...Rich|...................PE..d......f.........."......J.......... ..........@.............................P.......p....`..........................................................0..........8.......()...@..........T.......................(.......8............`...............................text....H.......J.................. ..`.rdata...~...`.......N..............@..@.data...............................@....pdata..8...........................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):378016
                                                                                                                                                                                                                                        Entropy (8bit):6.299291222115666
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:oGrRuLv2A7NEtiODC3zGr4iAOsCSEAg2gcmgrW091s:vOv2aNEzDuiAOsUuH91s
                                                                                                                                                                                                                                        MD5:940CD13B0268A9F75DD1C04548BBB9A9
                                                                                                                                                                                                                                        SHA1:7EBCE93D389C04DF1E3FCE71C9659DF6D75749B5
                                                                                                                                                                                                                                        SHA-256:36D60BF2659400EA672EDEC58C7FA1105B8F7BF55E75A75C7554ECDEFF1DBD89
                                                                                                                                                                                                                                        SHA-512:37A9384067DA8F9FE345519455D1E9B125E8EB8B7B1E87F8B8DDFDB1070E5556B6A65084A32F56FDF9D4553A986F4575691859C71882445506650D947859B1B2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........k..|.I.|.I.|.I...H.|.I...H.|.I...H.|.I...I.|.I+..H.|.I.|.I4|.I2..H.|.I2..H.|.I2..I.|.I2..H.|.IRich.|.I........PE..d......f.........." ................................................................pD....`A.........................................P.......R.................../.......(......|.......p.......................(.......8............................................text...,........................... ..`.rdata...S.......T..................@..@.data...(....p.......T..............@....pdata.../.......0...^..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..|...........................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\.version

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):50
                                                                                                                                                                                                                                        Entropy (8bit):3.951272380112911
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:ilQC7BRFSRHLgQbLi:w7BTiBbLi
                                                                                                                                                                                                                                        MD5:BB568E3396EAB3BC8E5B4084D3288C15
                                                                                                                                                                                                                                        SHA1:0C06BC1D72CF0706B7A901F4570A73E4CD151172
                                                                                                                                                                                                                                        SHA-256:B648A485B2762EA04CDCFB1C4631F0A75929D1ED8B7C1DF4BB139F0201662643
                                                                                                                                                                                                                                        SHA-512:42B379CB8596E258393948B5394FC5840DB3D9B76BEAAACD1BFBFE6C860C3835596BCBD4B31CDFF444A9AFEF46EE617BFD830AE46F08C974186A47DA2ED43272
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:b357f86ce3bce7c232ea242074b17bebdc50b543..6.0.35..

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.CSharp.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1042720
                                                                                                                                                                                                                                        Entropy (8bit):6.759185121370171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:a93g4kD8aA+u1xjx1nu+Vu9yHZzsYghdi4YNLNlqx:W3g4kDiLlVu+Vu9yH+XiFi
                                                                                                                                                                                                                                        MD5:C3928A25CD29B21B84DF1554B4EA3FEE
                                                                                                                                                                                                                                        SHA1:057F67EB18BC2B19CB77AC413141DE255DBD0211
                                                                                                                                                                                                                                        SHA-256:79E9D346314609D493344EA0C51AE8E93DEAA5870A105FC07EB29E8458748CBE
                                                                                                                                                                                                                                        SHA-512:825FD54D970A7B02C7863C45B574CBF3D51B0CFA33B51681B8D96D5D32771A4EF24EBCE5C57AFF664AB7231279A60871C8967745F87A9698347E4A66E0DB3EAC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d... ............." ................................................................y.....`...@......@............... .......................................6...j...... )......<...`D..T...............................................................H............text............................... ..`.data...D...........................@....reloc..<...........................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.DiaSymReader.Native.amd64.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2309152
                                                                                                                                                                                                                                        Entropy (8bit):6.414576855139372
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:jH+fGgFyzuNiG6H0n8D1gkrz/OAyFAopdrq/c/:+GgFQq8DT/ZyFDN0c
                                                                                                                                                                                                                                        MD5:A71CD05C01F0FC603C0BD782516F806D
                                                                                                                                                                                                                                        SHA1:C15E261D5E7318875D324D28AB70A883CD434C81
                                                                                                                                                                                                                                        SHA-256:7F8DCF37D9D66EAE14C48A79FA2FCD447BD0F38A21BE0203A9C4A89398AACF28
                                                                                                                                                                                                                                        SHA-512:CE53F6DC1F02889ED6FB1F8DF226F9BADBB039F79505CDBD599A00A32B6617DA5E19F2AD7F76BB8134B3CCAD39FAB2209ED8EC6AE42CD30402C4E450FC19FA88
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Wq0...^...^...^.Xh]...^.Xh[..^.XhZ...^..]...^..Z.'.^.Xh_...^..._...^..[.m.^..W...^..^...^......^.......^..\...^.Rich..^.........................PE..d....ZY..........." ...(.....\...... 0........................................#......)$...`A.........................................Z!.p....[!.P....P#.......!..W....#. (...`#..>.....p.......................(....U..@...................0Y!.`....................text............................... ..`.rdata...Y.......Z..................@..@.data....a...p!......^!.............@....pdata...W....!..X...t!.............@..@.didat..p....@#.......".............@....rsrc........P#.......".............@..@.reloc...>...`#..@....".............@..B................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.deps.json

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32962
                                                                                                                                                                                                                                        Entropy (8bit):4.336195794839597
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:+BP5VEsIhKPMEPrT3XCGjDyiEc6BHa21Fe8kFN92uwtEeCJyK:6RVEsIhKPMEPrT3XCGjDyiEc6BHa21Fk
                                                                                                                                                                                                                                        MD5:4D015F352BB2E8413AC4215371BC5E35
                                                                                                                                                                                                                                        SHA1:ADFF306655001DCD02003372C2AC439A7BE17C59
                                                                                                                                                                                                                                        SHA-256:686481AE0DD4F3F7E44B2A4FA2949B319A0F701437CA42FDA78D637EBC2BD298
                                                                                                                                                                                                                                        SHA-512:DA871BA710634EF171A80ACD1A473BEB8204E8DF10F375CB999B9FF1A95264C256D5C7E01531F62E8D4A2608BBB858A7C6209DCBE2348E360C7F231861D3CF5C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v6.0/win-x64",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v6.0": {},.. ".NETCoreApp,Version=v6.0/win-x64": {.. "Microsoft.NETCore.App.Runtime.win-x64/6.0.35": {.. "runtime": {.. "System.Private.CoreLib.dll": {.. "assemblyVersion": "6.0.0.0",.. "fileVersion": "6.0.3524.45918".. },.. "Microsoft.VisualBasic.dll": {.. "assemblyVersion": "10.0.0.0",.. "fileVersion": "6.0.3524.45918".. },.. "mscorlib.dll": {.. "assemblyVersion": "4.0.0.0",.. "fileVersion": "6.0.3524.45918".. },.. "netstandard.dll": {.. "assemblyVersion": "2.1.0.0",.. "fileVersion": "6.0.3524.45918".. },.. "System.AppContext.dll": {.. "assemblyVersion": "6.0.0.0",.. "fileVersion": "6.0.3524.45918".. },..

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.runtimeconfig.json

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):159
                                                                                                                                                                                                                                        Entropy (8bit):4.54941695087313
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:3Hpn/hdNxDI/pANC+KL4nNOcW3mJAGRM3Bojqy2VKXmHEk/FTy:3Hp/hdNyhAk+Q6NOCUo+K8EkNTy
                                                                                                                                                                                                                                        MD5:3FBD84A952D4BAB02E11FEC7B2BBC90E
                                                                                                                                                                                                                                        SHA1:E92DE794F3C8D5A5A1A0B75318BE9D5FB528D07D
                                                                                                                                                                                                                                        SHA-256:1B7AA545D9D3216979A9EFE8D72967F6E559A9C6A22288D14444D6C5C4C15738
                                                                                                                                                                                                                                        SHA-512:C97C1DA7AE94847D4EDF11625DC5B5085838C3842A550310CCA5C70BA54BE907FF454CA1E0080BA451EACFC5954C3F778F8B4E26C0933E55C121C86C9A24400B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:{.. "runtimeOptions": {.. "tfm": "net6.0",.. "configProperties": {.. "System.Reflection.Metadata.MetadataUpdater.IsSupported": false.. }.. }..}

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.Core.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1245448
                                                                                                                                                                                                                                        Entropy (8bit):6.769261315323123
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:cxvknPxKYMVXllgnURGXuYl9wCi1Io+bZr:MvaPxKYcX8nURGX0CiY
                                                                                                                                                                                                                                        MD5:97F73DE2693B5F6EF780513E9179DDCF
                                                                                                                                                                                                                                        SHA1:EC998FAE441D1761960E1A1937EEADF60AE2ACC0
                                                                                                                                                                                                                                        SHA-256:92F5BAC23616A987292E4D65AABC8F16D102BAF50C1785A41C38305BC99A20B7
                                                                                                                                                                                                                                        SHA-512:98CE22DC95F50DA11F9828C9777DEF21AAB1EF95FAC938388766E2989C134F72896C7C8E1F686CF45077096879CFFD277CF94A7DBCECA238FD9BA0169DE8A14D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...a`............" ......................................................................`...@......@............... ..................................L........k.......)......l...(D..T...........................................................P...H............text............................... ..`.data........ ......................@....reloc..l...........................@..B............................................0.......................<.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............d...^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........R.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18184
                                                                                                                                                                                                                                        Entropy (8bit):6.587142355138018
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:p9SphH3cLeq/YxWmH6K9QdWoYA6VFHRN7hYcTR9z67V:pkHMLH/oEFClbV9zMV
                                                                                                                                                                                                                                        MD5:E807A9DF3752B47DD2EBF325488329EB
                                                                                                                                                                                                                                        SHA1:D780B123892ED5343BD2F0741184AE2F90A0A3A7
                                                                                                                                                                                                                                        SHA-256:BB902FB88A2C3AFD4548AA7631E6CEFFB9A8062A213B9654DE40D7C2ACB2A985
                                                                                                                                                                                                                                        SHA-512:6CB85784EA617D879BC5C40D204A91092F233A492C2EEA642E56ABDEA671066E5D0ABF29FBF1C074DFEBBE1683FBBE0A632F20952DBE82B0557EA40BE89B469A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....z..........." ..0..............2... ...@....... ....................................`.................................{2..O....@...................)...`.......1..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......P .......................1......................................BSJB............v4.0.30319......l.......#~..p.......#Strings....l.......#US.p.......#GUID.......H...#Blob............T.........3....................................K...............2.................<.....d.J..........."...~."....."...}."....."...}."....."...d.".....".....x.....x.............................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y......... .............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26376
                                                                                                                                                                                                                                        Entropy (8bit):6.566822188548986
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:TWhPTpWvZWnjmMDQnqyXhHuo0XWjYA6VFHRN7KW+ONSR9zdVHJ3:eVjm5n5XdCIFCl7BNe9zh3
                                                                                                                                                                                                                                        MD5:1F61CBDDE703B882F07EF7D71C3D3D25
                                                                                                                                                                                                                                        SHA1:F09B9EC89343C7EBACCA3C956859F46A30BCE04D
                                                                                                                                                                                                                                        SHA-256:B64A75F89C611F4CF88EC9AE85BB34D719578B01C106B16E2E8703694ABD1B0C
                                                                                                                                                                                                                                        SHA-512:78A90230E462F2AFE911E88E974FA7976D957DEFD3FF04C9B141D970AE25F29BE3F70C1D4ACFEE43C319FA80A142663B66EC3CE073EDB8AC99616720CDD0BB96
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...i............." .....4...................................................p............`...@......@............... ..................................D............>...)...`..\...8...T...........................................................H...H............text....2.......4.................. ..`.data........P.......6..............@....reloc..\....`.......<..............@..B............................................0.......................4.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........L.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...(.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Registry.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):87824
                                                                                                                                                                                                                                        Entropy (8bit):6.609888713325627
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:61Qcxml5haPYOueQFjym3sykEomWxGsVico5Bkbxliw33zC:61QIml5wPY3Fjy5ykE8xGsVicCBsXp3O
                                                                                                                                                                                                                                        MD5:EA5EF3E9C8F7A2A240ADB2D2D225AC01
                                                                                                                                                                                                                                        SHA1:EF69C741CF3CE92CC5B68E825C9E9796BAA9246B
                                                                                                                                                                                                                                        SHA-256:8609E30FBDE9BFE93B51A31E27963C44195EAC284904F5EA19E435E81CC9293D
                                                                                                                                                                                                                                        SHA-512:98C6B84FCB38F35E281265B7DD046A1CDFC1A31F787A011FE8227478C7D7C38AEBB09D350BAD457A115555BE28B7A6FD78659AC5A26AAF8A5B7970C25B19260D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....p..........." .........................................................`............`...@......@............... ..................................8...p............)...P..........T...........................................................8...H............text............................... ..`.data........0......................@....reloc.......P.......,..............@..B............................................0.......................(.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........@.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.AppContext.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15624
                                                                                                                                                                                                                                        Entropy (8bit):6.801530918765
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:W2NrDaW+p7WMYA6VFHRN7+eASR9zdVCOkh:nQbFClSe9za5
                                                                                                                                                                                                                                        MD5:23D709F84FAE16898B3B3FB532E39B92
                                                                                                                                                                                                                                        SHA1:34D3D72D6B1A2F0842DC18332585C60707CF29C2
                                                                                                                                                                                                                                        SHA-256:FBCB30E92AF2A28FC42F5862BBAC27A938B1A3BBDD21523DE48E5FC693AF720A
                                                                                                                                                                                                                                        SHA-512:0AAA8A9E4C2A7D7E287A1EC76F637BE582670E55823D42E179EDE70405BB60A58664F90CE2F39E1A5E136010E428E19DBBC38F61E7753F95CA5EDEB2FB5E883C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M............."!..0.............^)... ........@.. ..............................].....`..................................)..S....@..h................)...`......d(..8............................................ ............... ..H............text...d.... ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B................@)......H........ ......................P ..........................................Y...N.$...i.]....,....C..Y./....U....#......9id.....\G@..b{..@..+.%.>..d.E.........9.6...W....O.....<.6}...{.z....&BSJB............v4.0.30319......`.......#~..,.......#Strings............#GUID...........#Blob......................3................................................".p.....p...;.>.........f.............Q.....Q.....&...!.&.....&...[.&.....&.....&.....&...B.&...O.&...v.p...........

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Buffers.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15632
                                                                                                                                                                                                                                        Entropy (8bit):6.782221204196243
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:WR0yWYi2W8pWjA6Kr4PFHnhWgN7agWykfKUSIX01k9z3ARqzJDL/:RyWYi2W8YA6VFHRN7C2IR9zooH/
                                                                                                                                                                                                                                        MD5:4089E1C839BC40FB1412C37BE8A6C3FE
                                                                                                                                                                                                                                        SHA1:5CCC3643FE29E5DD454ADC2E7127FE22D3982983
                                                                                                                                                                                                                                        SHA-256:4481BE9159BBA109BF872B6A7FD176CFA55416D4A8A666CCA60251B848AF7E54
                                                                                                                                                                                                                                        SHA-512:17BB639068C9DDCDD49380400E3829F82AF414C68FB53A68F4640B8FFF491F14ED35CD3F89A1030873D84BACE6558FF2F2099F5EF5598F7E1C58D6ECEDD8466F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m..........."!..0.............^)... ........@.. ....................................`..................................)..S....@..X................)...`......h(..8............................................ ............... ..H............text...d.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................@)......H........ ......................P ........................................~w.;p.....B.@gTM.j..Ms..LXP..r....T....?46BDb.6..V.:.X._.F(..S.s...@..,ZO..le=.=[.k.=%..>2....wk.._I.2..O..3(k......[cBSJB............v4.0.30319......`.......#~..,.......#Strings............#GUID...........#Blob......................3..................................................y.....y...G.G.........r.......(.....Z.....Z...../...-./...../...g./...../...../...../...N./...[./.....y...........

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Concurrent.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):247080
                                                                                                                                                                                                                                        Entropy (8bit):6.849191153993673
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:GsS/IAVyNU2kbEf5+i6MKORygikbyO2DGJ0pebVq:GsBAr2vt6MikbD2CieVq
                                                                                                                                                                                                                                        MD5:E17BE481647C2DDCFFCD74FF9FBC1A74
                                                                                                                                                                                                                                        SHA1:7A5E9AA77CD0C8C72BA81311934BFFC3AECE2342
                                                                                                                                                                                                                                        SHA-256:086E14D805EF4CEFDB25506736DCC5D6E800D618DF672358CB1112BA04A1F8CA
                                                                                                                                                                                                                                        SHA-512:3C2342D9B1DE3E7E191A543F1C1D47ED04A679400F79A77B9F044E93425864603F453CBA86929173E5B14EBEEB929B3729DF1F902B5E655A8DC716F316174C74
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....C6..........." .....`...:............................................................`...@......@............... .......................................e..........()..........P...T...............................................................H............text...._.......`.................. ..`.data....5...p...6...b..............@....reloc..............................@..B............................................0...........................l.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...T.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...C.o.l.l.e.c.t.i.o.n.s...C.o.n.c.u.r.r.e.n.t...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...d.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Immutable.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):666288
                                                                                                                                                                                                                                        Entropy (8bit):6.78661325216844
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:W36Xx8oDIB+7QBj0YBC6WXz66M4cRuco/oMy5iu:W3EWIX5at
                                                                                                                                                                                                                                        MD5:1B93945C7F04740122C60D8C9221654A
                                                                                                                                                                                                                                        SHA1:D19F777B688704693BDE7C8B0456D8D82D8B3AB4
                                                                                                                                                                                                                                        SHA-256:0C23E0E757D0DBF213A6BBFF8A76336D0AE762547EE898FA6F03F4C1A11C63C7
                                                                                                                                                                                                                                        SHA-512:23319E803AB3A271812FE3BFBBA76EDF33D8F13C446CABA164BE1E68C0645B4D119818644642F15A02C266FE65090688D3734CB8BFD0A61D81B5136E77C1AC88
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...nP............" ......................................................... ............`...@......@............... ......................................,...P^.......(...... ...."..T...............................................................H............text............................... ..`.data...:.... ......................@....reloc.. ...........................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...v./...C.o.m.m.e.n.t.s...T.h.i.s. .p.a.c.k.a.g.e. .p.r.o.v.i.d.e.s. .c.o.l.l.e.c.t.i.o.n.s. .t.h.a.t. .a.r.e. .t.h.r.e.a.d. .s.a.f.e. .a.n.d. .g.u.a.r.a.n.t.e.e.d. .t.o. .n.e.v.e.r. .c.h.a.n.g.e. .

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.NonGeneric.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):101144
                                                                                                                                                                                                                                        Entropy (8bit):6.476048974487395
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:vfgNzmjhqPdxPhjxSd+XBQCvePLDrnsrpyi3:3Nhq0FsE4
                                                                                                                                                                                                                                        MD5:67FFDB95AB55A741D15CCCD4C7B75DBA
                                                                                                                                                                                                                                        SHA1:D73B4BFBF850A3184990976B959CF08F925FBD08
                                                                                                                                                                                                                                        SHA-256:1F8D33569B15DB329B49388E6DC03A9121739F2F4155901761A56CF66CFA2477
                                                                                                                                                                                                                                        SHA-512:744E2409DFDBF41B4E1A568B0323FBEDB3F08368C812664CF7B7CF0F4FA269C7641CCC3BDC82075B97494829CF29D08E928BCE8AB4290B312EB6AB7CB8249758
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....u..........." .....L................................................................`...@......@............... ......................................(3.......b...)..........H...T...............................................................H............text...0K.......L.................. ..`.data........`.......N..............@....reloc...............`..............@..B............................................0...........................l.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...T.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...C.o.l.l.e.c.t.i.o.n.s...N.o.n.G.e.n.e.r.i.c...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...d.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Specialized.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):95496
                                                                                                                                                                                                                                        Entropy (8bit):6.534791453724649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:jWfjc8LAhPvoiTCxaDVvkDTC5O7/LyY204yhpVeypoi8C4dezFc:j0QsAZNBsDTs+zyY204yhpVey6dIO
                                                                                                                                                                                                                                        MD5:2BB568CF400E0890E8AA25DA5445D3FF
                                                                                                                                                                                                                                        SHA1:15C9D61A4EEFA521E7FD3FD51DF60AF80486FFED
                                                                                                                                                                                                                                        SHA-256:49577AAE05031B386CB8C04275047ECE9A0D63A6C4BBDFB1A4AE3B7841761CE3
                                                                                                                                                                                                                                        SHA-512:C2616137D3D41CF9F1A3F89F4F891C7DB09C18332CE5367C433C868E38DC9AF34D7A5D29D6023464F4250DB5EB1124319ED2A04BE2CEE9371391C7C498D8992A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....V............" .....6..........................................................O.....`...@......@............... .......................................0..h....L...)...p......P...T...............................................................H............text...x4.......6.................. ..`.data...\....P.......8..............@....reloc.......p.......J..............@..B............................................0...........................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...V.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...C.o.l.l.e.c.t.i.o.n.s...S.p.e.c.i.a.l.i.z.e.d.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...f.....F.i.l.e.D.e.s.c.r.i.p.t.i.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):264992
                                                                                                                                                                                                                                        Entropy (8bit):6.761266470511353
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:30bzt+JuwscekH2KrzQ5t056pAje2l3qZ7CLzG:35JuwDvHQNW27CLy
                                                                                                                                                                                                                                        MD5:ECAF66EE198849D3200E028C0A31CE8B
                                                                                                                                                                                                                                        SHA1:521E58557861EC5E549BFE9836E6E54C55E7F38A
                                                                                                                                                                                                                                        SHA-256:193A45006B2330E29C5FC6D0D3F92C269D9E9BDF1FA141E51B0A07909B7A02E8
                                                                                                                                                                                                                                        SHA-512:A5A73B4D1C6D3E346FC7DC85CD1E77181F2946FE99F0181B7BE68B98D8319718A07D4707DD3F709778175D3FDE73915B9AFED8FC451210D93CC596C8DF6CD8F8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...6e8..........." .........@............................................................`...@......@............... ..................................t...,].......... )......,.......T...........................................................x...H............text............................... ..`.data.../9.......:..................@....reloc..,...........................@..B............................................0.......................d.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........|.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...X.....0.0.0.0.0.4.b.0...>.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...C.o.l.l.e.c.t.i.o.n.s.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...N.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m...C.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Annotations.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):187192
                                                                                                                                                                                                                                        Entropy (8bit):6.462092532995058
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:l7PmpgPixtBuguLv7F8IbGumTG5D5/vbF6V+F7LWYkQ6v+P0:FepnxeB1QG5lF7qtQ6v+M
                                                                                                                                                                                                                                        MD5:39FAEB8118FD29C6205C0A2129E91454
                                                                                                                                                                                                                                        SHA1:560A13F6BCAFB43B40F51770E6E2268AA2B37B4D
                                                                                                                                                                                                                                        SHA-256:8146999337103583BB15FFD1D5DA680D6FE35F594A5AE49EDCFF5A16BD8B7B74
                                                                                                                                                                                                                                        SHA-512:2631B643253CA643CDA19B9E3AEE72131EC5EAC4B7B81821DC45EA57B2A4CD23420A7808D979E90A609BE3D338BBC278F986E801001D92DC342FDF92ECC12F0D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....2w..........." .....v...:......................................................[.....`...@......@............... ...................................... G..........8)..........("..T...............................................................H............text...*t.......v.................. ..`.data...a4.......6...x..............@....reloc..............................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...\."...C.o.m.m.e.n.t.s...S.y.s.t.e.m...C.o.m.p.o.n.e.n.t.M.o.d.e.l...A.n.n.o.t.a.t.i.o.n.s...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...l."...F.i.l.e.D.e.s.c.r.i.p.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.DataAnnotations.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17672
                                                                                                                                                                                                                                        Entropy (8bit):6.642694010569177
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:m8imyfJe9eGXx44sAcUUWudXWwYA6VFHRN7T2lNbZR9zah6:m8j+nxTFClTsFT9zn
                                                                                                                                                                                                                                        MD5:399D1C1EE94247E9EF6500A017A71C1B
                                                                                                                                                                                                                                        SHA1:822F0321519EB59D625175CBF1A655F2F7699A9A
                                                                                                                                                                                                                                        SHA-256:D6693E0D5F2F24774E991A351F97D740E75A73FAD20295C4E2DDD51D9B65B6BE
                                                                                                                                                                                                                                        SHA-512:F577118238FC96FDACFE23CA6D37AA736CAD858022E20E65D881C7D06648D2D4EBD5E80E8F5B398E95A8F1DCE4B653022D71371AD9C75E514F687DA7359CD6A1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............0... ...@....... ...............................r....`.................................;0..O....@...................)...`......8/..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................o0......H.......P ..h...........................................................BSJB............v4.0.30319......l...D...#~......L...#Strings............#US.........#GUID.......X...#Blob............T.........3....................................+...............M.p...P.p.....]...........................O.....7.................>.....[...............................9.....p.................W.....W.....W...).W...1.W...9.W...A.W...I.W...Q.W...Y.W...a.W...i.W...q.W...y.W.....W. ...W.....W...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.EventBasedAsync.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):38672
                                                                                                                                                                                                                                        Entropy (8bit):6.487371211774158
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:2IzyrkRPK1c3I484t6gu2FClLsl9zal7pQ:2IzBP8c3z6guiiLs3zarQ
                                                                                                                                                                                                                                        MD5:F81A8E96C4B41133CE2FBA56D63F4C22
                                                                                                                                                                                                                                        SHA1:85849958E58BF6A9FD5BEFDB67FF98842E6466B0
                                                                                                                                                                                                                                        SHA-256:77367BEF47DE9D2DEF9C606906A84D733A1D688BCF7299956828FB54C6A36422
                                                                                                                                                                                                                                        SHA-512:65102174EDF155614F696E1A251A2DD6A69176B61211EC5194067FE203D6B73D91D6A8E6E9D63188DD8A76BAB051E7EB77BEF00D7C569A798E53CD9BF20B1A27
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....%..........." .....b..........................................................T.....`...@......@............... ......................................$...x....n...)..............T...............................................................H............text...Ra.......b.................. ..`.data................d..............@....reloc...............l..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...d.&...C.o.m.m.e.n.t.s...S.y.s.t.e.m...C.o.m.p.o.n.e.n.t.M.o.d.e.l...E.v.e.n.t.B.a.s.e.d.A.s.y.n.c...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...t.&...F.i.l.e.D.e.s.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):75424
                                                                                                                                                                                                                                        Entropy (8bit):6.41974698596593
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:P2sgnMIPQZQmsB2q+mKl/Q3mb1yF0YDC2oKQ15hC9QQs2mDLFClKmoQ9zRhoy:OsgXcmKmWYFlC2oKQsi3iKmVzRh
                                                                                                                                                                                                                                        MD5:596B37F463658FD24CE29F3F25C6628A
                                                                                                                                                                                                                                        SHA1:BE186A42FF6EE13C7F2546C3A7CAA622B4829FA7
                                                                                                                                                                                                                                        SHA-256:9B05AF160EFFCE0A352E0FB722350221A1F2A41010EFF10E769C12C3C28ABF10
                                                                                                                                                                                                                                        SHA-512:B03607DB59376501B6AFF0A0D04FA49B4CD106D9E009D5CBA006C6909A04BAD74FEAACAD0FE40704DA34D1D6AFD34F26D97C8B1090E4B6A177F52CEB5ADD4D54
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....A............" ......................................................... ............`...@......@............... .......................................&...........(..............T...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...Z.!...C.o.m.m.e.n.t.s...S.y.s.t.e.m...C.o.m.p.o.n.e.n.t.M.o.d.e.l...P.r.i.m.i.t.i.v.e.s.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...j.!...F.i.l.e.D.e.s.c.r.i.p.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.TypeConverter.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):747280
                                                                                                                                                                                                                                        Entropy (8bit):6.696052130941475
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:Yq+dHPXqf5N+iMMturyUV8mIEUGKea0RAh5RNFRSll++KzUmw/BndUMHz6ifKjFW:yv+N+iMMturyU+m6RNFZUmw/BnfT6KK0
                                                                                                                                                                                                                                        MD5:97D87D45E05EAC86E89F33FFB66DD9CC
                                                                                                                                                                                                                                        SHA1:3B29D3210B4A1ABC1D2876599F776950E56C3451
                                                                                                                                                                                                                                        SHA-256:52BE87AB0CD386C0BE9538E44B9D1432BCF28370E98D568CBDAB409C84EC1889
                                                                                                                                                                                                                                        SHA-512:94834AD8ABB9F99E779D1DBF15502CA918B8D89ED83027CBDE5B7C8C15CBAF325286F4C127396E725F4490881D247EC411FD23E6D71C1B1C60A2C83366C18F06
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....._..........." .....n...................................................P......V.....`...@......@............... ..........................................<]...>...)...@..$...8=..T...............................................................H............text....m.......n.................. ..`.data................p..............@....reloc..$....@......................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...`.$...C.o.m.m.e.n.t.s...S.y.s.t.e.m...C.o.m.p.o.n.e.n.t.M.o.d.e.l...T.y.p.e.C.o.n.v.e.r.t.e.r...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...p.$...F.i.l.e.D.e.s.c.r.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18696
                                                                                                                                                                                                                                        Entropy (8bit):6.596746437040324
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:LW4X1Wove+Scpij+uCozWEdYA6VFHRN7QHWMR9z2QgW:/RScci4FCl8Z9zzgW
                                                                                                                                                                                                                                        MD5:0C8FF2C70D84FB0202750D8A19E0EC20
                                                                                                                                                                                                                                        SHA1:0BCE9D795D182291948DA212B728CA3476D58F58
                                                                                                                                                                                                                                        SHA-256:651C26058CD4C530458E740923E4CA85F76EEF6FE9E915631678800E9AD7E862
                                                                                                                                                                                                                                        SHA-512:872D7DB41EA2941B9305C6702A18F32E8C3F9EB363E239CA2851D5F9EF7B724BD0D6B034FDEA07419A08CC30B7F8F667F2924E25180126F5CE747EB93C7987EE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....*u..........." .........................................................P......B.....`...@......@............... ..........................................`.... ...)...@...... ...T...............................................................H............text............................... ..`.data...N....0......................@....reloc.......@......................@..B............................................0.......................t...,.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...h.....0.0.0.0.0.4.b.0...D.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...C.o.m.p.o.n.e.n.t.M.o.d.e.l...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...T.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Configuration.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19744
                                                                                                                                                                                                                                        Entropy (8bit):6.575603714433907
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:aXoWX0yXQB1uXTSv/fvNRvGZYdf3zyP/weZvEydDgWvfNWZUX6HRN799R9zrJRri:1niZvVCcWF9ze
                                                                                                                                                                                                                                        MD5:A559E0096F62D213A900AAF749F08F5D
                                                                                                                                                                                                                                        SHA1:31C37CAAF3F0FA6C6ECE9E3C98E905FFF921AF1C
                                                                                                                                                                                                                                        SHA-256:7B5BD709929BE586FA1B95B7066C3A4AD9B5462FB1F7714BB39E6DDFD3B54148
                                                                                                                                                                                                                                        SHA-512:B9803794E42E984BA841D5A32BE8553FEB9CABED2E59866B35E73D3AF3641FA9D60207F98254BA923F9B9AA902BF08941B545F19310B4596CD097B01F22FBB7B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...7.(..........." ..0..............9... ...@....... ...................................`..................................9..O....@...............$.. )...`.......8..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................9......H.......P ......................88......................................BSJB............v4.0.30319......l.......#~......h...#Strings............#US.........#GUID.......P...#Blob............T.........3....................................h.....D...............s.......|...............D.z...............Z.................0.....M.................<............."...,...................v.....v.....v...).v...1.v...9.v...A.v...I.v...Q.v...Y.v...a.v...i.v...q.v...y.v.....v. ...v.....v...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Console.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):156936
                                                                                                                                                                                                                                        Entropy (8bit):6.5995271738923975
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:h3J/DYsIem43AYT+a5TfaEPvbKwUJmOaYIEipy50K:X/DyWqaFCGmdIcIEbb
                                                                                                                                                                                                                                        MD5:7710279322A362C928BF36639EFFBF81
                                                                                                                                                                                                                                        SHA1:2B679CA3058DC2A5C90F40D3C1A98C9553098AAC
                                                                                                                                                                                                                                        SHA-256:1842EFE9037300ECE2E81E40EC000FA9338A4C786CBCFED0B47DD05B1C4E77EB
                                                                                                                                                                                                                                        SHA-512:085C7342AECA9F65B9E3774BF2E84AC9D703D66F764678ABC79A1AB8D5F82BE59B50BA97B53303956F2DEB055553B419E91DE8002E8D219FB38AD933EC802ADD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........$...............................................`............`...@......@............... .......................................<.......<...)...P......h...T...............................................................H............text............................... ..`.data........0... ..................@....reloc.......P.......8..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Core.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24336
                                                                                                                                                                                                                                        Entropy (8bit):6.299107673471786
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/sIbPFWOUSnPEW51b04H9DGMq/tE8aQjryAkxkBm4U1zXtrC1IIKrWXi2WUYA6VJ:/vPFWOUSnP751b04H9DGMq/tE8aQjryz
                                                                                                                                                                                                                                        MD5:9354C7BD9F23D4899200DAAA3BE37296
                                                                                                                                                                                                                                        SHA1:440D5E15680AB4BCCDD656E598A12C8884A56390
                                                                                                                                                                                                                                        SHA-256:25D934AB5109749874D2FC86A356DB68DF98DE7F1A5857E3F2B8744173B1B8D5
                                                                                                                                                                                                                                        SHA-512:3549F0275E7C848EB7E3E3EB7B881C846F73D3F8448C3F5032E10A49A245D7310D3643B6A605A55DA88CC90F3DC6F132A26812A763580B0B36A81B8CC4AC3932
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>............" ..0..,...........J... ...`....... ....................................`.................................CJ..O....`..8............6...)..........tI..T............................................ ............... ..H............text....*... ...,.................. ..`.rsrc...8....`......................@..@.reloc...............4..............@..B................wJ......H.......P ...(...................H......................................BSJB............v4.0.30319......l.......#~..........#Strings.....%......#US..%......#GUID....%......#Blob............T.........3............................................................................1.N...c.................y.....0...........].....z...................................K...................[.....[.....[...).[...1.[...9.[...A.[...I.[...Q.[...Y.[...a.[...i.[...q.[...y.[.....[. ...[.....[...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.Common.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2983584
                                                                                                                                                                                                                                        Entropy (8bit):6.807191200324224
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:TyNlk2vtvXwQdjfbPQ+EPba92I7aE0Vnv1XgVi4nNmch7cDpBsKTzkt2BeE:T+VdLX3Sv
                                                                                                                                                                                                                                        MD5:E6421C7A5CF51CB5B5706BF00AA01B4F
                                                                                                                                                                                                                                        SHA1:12876E56B267E945FB709D9B5703009872D1A4F7
                                                                                                                                                                                                                                        SHA-256:272042F39223A4445CCCAAE2490C8291CBA723A1C30B61DB7603C218C69216E1
                                                                                                                                                                                                                                        SHA-512:B8597038DEFDD8BC8ED07BF56903E7E85D4B427973C473F60920EE53AB04CBFD7BCA488AFC5B659116BFA62A3B95769A690496A34B95647DA1F1E65E13217E6D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...].q..........." .....r+...................................................-......m....`...@......@............... ..................................t...@&...K...^-..(...`-..&......T...........................................................x...H............text...7p+......r+................. ..`.data.........+......t+.............@....reloc...&...`-..(...6-.............@..B............................................0.......................d.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........|.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...X.....0.0.0.0.0.4.b.0...>.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...D.a.t.a...C.o.m.m.o.n.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...N.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m...D.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.DataSetExtensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                                                        Entropy (8bit):6.668996319122586
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ulguSZJRWaJ7WzX6HRN7nVXC4deR9zVjxMY:TuWQWnVXC4dC9zVjd
                                                                                                                                                                                                                                        MD5:3E2A4F4D06E78AE1F2972A92F475C059
                                                                                                                                                                                                                                        SHA1:7ED79074D8F081398FA9119D20F475EF2A162814
                                                                                                                                                                                                                                        SHA-256:5B509E7AB8FC8FA00C722ABFDDDB37C1BDE182270D9A3030B785751910F3DFB3
                                                                                                                                                                                                                                        SHA-512:9DB1D000C9C5F130BEBF73EB8144495467A3D87165F6C94DBED18D4E709ACDBC787DC42AFA13D859EF70D441F3BDAD9979D96AA356439CBAA4BB8362E7F58ABF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T............"!..0..............)... ........@.. ....................................`..................................)..O....@...................)...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ .. ...................P ......................................4..'..E....[..y.].%k.tT.*mT`Gf...#.y..=..1....%_....B_.J.I..C...rq..F..{.v.....r.9~7sMFL..]6..K.iz .I..9 .......|......)|BSJB............v4.0.30319......`...H...#~......X...#Strings............#GUID...........#Blob......................3................................................E...............................:...'.A...i.A.....A...~.A.....A.....A.....A...e.A.....A...........E.................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25864
                                                                                                                                                                                                                                        Entropy (8bit):6.25146842792214
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:aBaJC9XmGP2SoxDZQj/6YWiXFW5YA6VFHRN7JKdpR9z+pttXEv:awsXmJDZQ7EFCluD9zWjXe
                                                                                                                                                                                                                                        MD5:457D34A9E93C95B0E0927741C43C706F
                                                                                                                                                                                                                                        SHA1:56C5AE9397D703F211CBF109CFC86EA5AE16DFCB
                                                                                                                                                                                                                                        SHA-256:434C2AEAEC2DED6A904FF16256412128FC0FA57DC6B54A1626E8F4558A14646B
                                                                                                                                                                                                                                        SHA-512:DD8759ED49410BB0086638A9101DF294D4A67C56ACC4509B26FC6DC136FE8A194E76747261218EED92E5DCB47365FD91262D1D8D38CA6F47B2B4BACD82E811CF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..2...........P... ...`....... ....................................`..................................P..O....`..8............<...)...........O..T............................................ ............... ..H............text....0... ...2.................. ..`.rsrc...8....`.......4..............@..@.reloc...............:..............@..B.................P......H.......P ......................HO......................................BSJB............v4.0.30319......l.......#~......0...#Strings.... ,......#US.$,......#GUID...4,......#Blob............T.........3....................................<.....[...............:.................A...........o...........!...........R.....Z.....w............................... ...........#...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y......... .............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Contracts.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16152
                                                                                                                                                                                                                                        Entropy (8bit):6.794991722289914
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9WxAgNW6i2Wp/X6HRN7AtIJVXC4deR9zVjxX:98m1WQgVXC4dC9zVjF
                                                                                                                                                                                                                                        MD5:E815C8AE914EE40BF8D404FCA79D5753
                                                                                                                                                                                                                                        SHA1:1E754EEC56B0762A99640B3B5537CB6F1FA81AE7
                                                                                                                                                                                                                                        SHA-256:89E4C33A4B7BA60A748A9EA3D5D1413AF0AB63CD29117F159FDCEF5779BD9359
                                                                                                                                                                                                                                        SHA-512:654D7B3AEFA8C29002247DB18807DF777421C94FC8E6ED4C8C013EC5828F142581DE45D2A1132C8D6BE7A2DEEEE2ED0F60F19EC78B94905245E3E5A52D23A67D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{..........."!..0..............+... ........@.. ....................................`..................................+..W....@...................)...`.......*..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ........................................)^.O..(.+sY.R.T...!%s.R...F4}c..X..@..1..sh....}...........e..Enr....F..P..."...N......."l......S..^ zs...R/o..`@..i...h..;BSJB............v4.0.30319......`.......#~......H...#Strings....8.......#GUID...H.......#Blob......................3......................................Z.........9.........................,.....{.........F...........5.............................#.....p.........................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Debug.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16144
                                                                                                                                                                                                                                        Entropy (8bit):6.771179430350626
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:k1b2xx+3kW2SmWypWjA6Kr4PFHnhWgN7agW5IhHssDX01k9z3AGWPsU:5o0W2SmWyYA6VFHRN7gIFDR9z7WP1
                                                                                                                                                                                                                                        MD5:CB70708DCDFC6E40B8D57703AC186C6B
                                                                                                                                                                                                                                        SHA1:EE450F4D1EA1419E80725CF0ADD7CCC0F422285D
                                                                                                                                                                                                                                        SHA-256:0E2F8A41ABB218127967B9B63F7D88B2472AF27776A95F6F616D1E4F0068FB36
                                                                                                                                                                                                                                        SHA-512:35C7BEE29F8D1B1B6825EE4C7EABE4EEB15D9925F204720D22BFB4FE5CBDC7E48D5454E40E14E3D14291ABD69E27C44C4FB2B0CA0FEF5EDC263C1130CE716A0A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$2............"!..0.............n+... ........@.. ..............................p.....`..................................+..W....@...................)...`......`*..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P+......H........ ......................P .........................................Z..}P..).1.:.|..x^s.T:..'(i@.:.~~r(.j1.U.K....e.X.....9K...6...{..N.k~h._.f...U..T*s..en.)G..y/<._...!....}j.< ..\.....fBSJB............v4.0.30319......`...t...#~..........#Strings............#GUID...........#Blob......................3............................................................o...................4.................;...8.;...].;.....;...F.;.....;... .;.....;.....;.................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):380576
                                                                                                                                                                                                                                        Entropy (8bit):6.735643509984664
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:xNrYIYO/3uqTtasHnkWg62wafPoSVsybyCrEVYEHJ01TxJS:jV3ukBkwoPACrEVtKfE
                                                                                                                                                                                                                                        MD5:FFC6107F4CF962DECA6085FD6D6943E8
                                                                                                                                                                                                                                        SHA1:DA6366AA3DCF4862A4A110BEFF4EE185D64BD5DD
                                                                                                                                                                                                                                        SHA-256:394B562E8F1B4A2D75C86A0CCC26434A9965AE478A81978700A510005A987B81
                                                                                                                                                                                                                                        SHA-512:158D082C2377CFACBCEA79733C6023555B715061004ECE84998A9C5E86B63ED9F451A91946E60EB38FE915C7BEB44534F18FDE8C3FF7AD9E15233AE8743B4955
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...w.B..........." ................................................................8^....`...@......@............... ......................................`....+.......(.......... )..T...............................................................H............text............................... ..`.data....}...0...~..................@....reloc..............................@..B............................................0...........................X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.........C.o.m.m.e.n.t.s...P.r.o.v.i.d.e.s. .C.l.a.s.s.e.s. .t.h.a.t. .a.l.l.o.w. .y.o.u. .t.o. .d.e.c.o.u.p.l.e. .c.o.d.e. .l.o.g.g.i.n.g. .r.i.c.h. .(.u.n.s.e.r.i.a.l.i.z.a.b.l.e.). .d.i.a.g.n.o.s.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.FileVersionInfo.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35600
                                                                                                                                                                                                                                        Entropy (8bit):6.488510148250486
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:tWdVV9WzoyY50a+3ZgW1n6lsLiKqFCM1nTrmowCwZ0oEmLnYA6VFHRN7gFDR9z7Q:0a1pgW9LiKqFCM1n2owXZZlFClkl9zaz
                                                                                                                                                                                                                                        MD5:9A9B46B21F1CC90D9E398AEE76CB831C
                                                                                                                                                                                                                                        SHA1:8BFC832B73D619C6AB4D83CEB563620EAD601A80
                                                                                                                                                                                                                                        SHA-256:62FA26059B49F049A5F3DD63984E2BEC531999B12659713FD9E673A3CDC49FDB
                                                                                                                                                                                                                                        SHA-512:CF15A0AA31DB2525A10A6AAC6DFBF383BF441200BB9C39DCEE4A6BE690434EA3C061D9870A39B9F3AC190952FB61C1859D856784F9A43249A0338FB737C9A787
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...tO............" .....X................................................................`...@......@............... ..................................t...8........b...)......T.......T...........................................................x...H............text....W.......X.................. ..`.data........p.......Z..............@....reloc..T............`..............@..B............................................0.......................d.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........|.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...X.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Process.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):290568
                                                                                                                                                                                                                                        Entropy (8bit):6.6831877089166865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:jzvmR+TsVz/xZOkeijuG3yxs9b3NX1PkxBqqS7s03sx5Z+:jzeQTsVz/xjXjuGCjDr03sx5I
                                                                                                                                                                                                                                        MD5:29C2F7BBC8B17C8787ABB4D7EDC11DC6
                                                                                                                                                                                                                                        SHA1:79A2F9ABB8F4FED3A75962E21A8A0064F4633DB3
                                                                                                                                                                                                                                        SHA-256:B5AD22BF61562E5335CAB0D16233485F1E01B21556EEFA2F47E1C3E8FD5F6BF2
                                                                                                                                                                                                                                        SHA-512:A9C9EBBD52A4CF5C52D94F3810E21899C931BACE4C20B2923D26193F319BB07E23DDEF26B759EA45D31BAB9913421A99A772CA55918FAB4172C350BF605A96AA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....V............" .........P...............................................p......*q....`...@......@............... ..................................D....m...!...F...)...`......@&..T...........................................................H...H............text............................... ..`.data....H.......J..................@....reloc.......`.......@..............@..B............................................0.......................4.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........L.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...(.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.StackTrace.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36616
                                                                                                                                                                                                                                        Entropy (8bit):6.537255863264118
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:yt4gYfq6ejoniqkwx38n9Is/mjSTsssssssss4FCl3MFT9zC:yLYfq6ejoniqjx38n9IbjSzi8TzC
                                                                                                                                                                                                                                        MD5:C192A6B88DCA4AFD2A042C79A68155CC
                                                                                                                                                                                                                                        SHA1:B13A8B843D0735377C6A127565721019E54365D9
                                                                                                                                                                                                                                        SHA-256:27DD8C3DC2F22B40CFA443FC7B9A33520CEEC581A158042E9DD2451507A58105
                                                                                                                                                                                                                                        SHA-512:85B8E16B9BED456735B422FE726FFA1D3AC7FF5718F017E60829E3245DC1F454F077976E1140B168BC0D261D94B0636A2B4BC9918BBEB486B8A388BF0108E9F6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....d..........." .....Z.......................................................... .....`...@......@............... ...............................................f...)..............T...............................................................H............text....X.......Z.................. ..`.data...~....p.......\..............@....reloc...............d..............@..B............................................0...........................l.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...T.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...D.i.a.g.n.o.s.t.i.c.s...S.t.a.c.k.T.r.a.c.e...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...d.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TextWriterTraceListener.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):60688
                                                                                                                                                                                                                                        Entropy (8bit):6.543709261391772
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:HeWtDQZ7Fa+dddvw3hfgBsUbmoSNI8QUQXECIDoFI0yFjONFClrl9zs9:+DFaKddOtJI8GvJOHYir3zs9
                                                                                                                                                                                                                                        MD5:DEA179B29697ECAA3FA3199ECF9AC997
                                                                                                                                                                                                                                        SHA1:8AA7795711ECE9BDCC1A57CC548A7585FBD644B2
                                                                                                                                                                                                                                        SHA-256:583A5581861E0511ED7B0E2EAC14B4298B05C3E1FAEFD65318C6EDC78C4265F0
                                                                                                                                                                                                                                        SHA-512:B2CE8996D1A554A8D20BD45B2AFF84D29EC012963CB4F5EC2DFB09C6BD12F07BB46CB03F657EB4FCA47A8AE21A4ECC0CEE33367A9F183A6828291A07D07DC1D6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...^..........." ................................................................3G....`...@......@............... ..................................4....'..8........)......$.......T...........................................................8...H............text............................... ..`.data...7...........................@....reloc..$...........................@..B............................................0.......................$.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........<.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...n.+...C.o.m.m.e.n.t.s...S.y.s.t.e.m...D.i.a.g.n.o.s.t.i.c.s...T.e.x.t.W.r.i.t.e.r.T.r.a.c.e.L.i.s.t.e.n.e.r.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...~.+...F.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tools.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16032
                                                                                                                                                                                                                                        Entropy (8bit):6.6902230677661985
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:oyVTAixxeH/WQcUWyRpWjA6Kr4PFHnhWgN7aIWZBzDoSJj+iX01k9z3AmCNGuY:Nco8H/WQcUWGYA6VFHRN7oDX+iR9zZgY
                                                                                                                                                                                                                                        MD5:8E4C6E5CE84FBC5DAEE123ACD66AFF89
                                                                                                                                                                                                                                        SHA1:3729A072623C64EB9C68DAF3EB8B982990A686AE
                                                                                                                                                                                                                                        SHA-256:DEFFF523549F8128A9B5ADBAA175BB186748A1DE7D3B1DD4200C0C4FF9E8257D
                                                                                                                                                                                                                                        SHA-512:3FF7B996FD7F1C7D230F39683847FC6D1842E844B517397284D9EF2E453739E49CC75BF6A039A073C23224BB9A54798396CA98C6CFBCCC1210BE71EFAE5177B0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3............"!..0..............*... ........@.. ..............................'W....`..................................)..K....@...................(...`.......)..8............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ..L...................P ........................................Y.%"...%Do}....$fYdO.V'1Ag.C..d.bx..1y4.,.F...<...m..)%.?.t...r.|;.i.~.M8p.....1D.|......x.O..b.H_............N..... .T.;BSJB............v4.0.30319......`.......#~..H...H...#Strings............#GUID...........#Blob......................3......................................Z.........s.........................,.....w...N.....F.....0.~...!.~.....~.....~.....~.....~.....~.....~.....~.................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TraceSource.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):133416
                                                                                                                                                                                                                                        Entropy (8bit):6.551188165832685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:bHjrVA3Ua/8lVkCAnPL0FlgsMzj2OE20esM9eVriqRIL8dXmty6lH4ziWzD:bvV7a0bg4F+sAaj2SM9eVriE2ty6B+NH
                                                                                                                                                                                                                                        MD5:AFB7C185FC983D0533BD729B121CB108
                                                                                                                                                                                                                                        SHA1:6FA0484D54708288F94AA6FB0AD6BE3D5F208656
                                                                                                                                                                                                                                        SHA-256:61C7903D1CDA2298112BCD7A0F57F1F76548A09CE7C1DEFE8D65A6B42268B4C5
                                                                                                                                                                                                                                        SHA-512:7380FBF5935FC2579E84923378A3EFA2C3D8F6E4954FF9F5D8007663B55ED33E81FE05A059A5E35A240A501BC298338FCAD885A579C78CD799CFABE47BC1D040
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ................................................................k.....`...@......@............... ......................................L@..........()..............T...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B............................................0...........................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...V.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...D.i.a.g.n.o.s.t.i.c.s...T.r.a.c.e.S.o.u.r.c.e.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...f.....F.i.l.e.D.e.s.c.r.i.p.t.i.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tracing.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16648
                                                                                                                                                                                                                                        Entropy (8bit):6.721684126311085
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:X75g6pDj+ymxxdZWbBDWOpWjA6Kr4PFHnhWgN7acWJtZQcADB6ZX01k9z3Atyi:X/+yM3ZWbBDWOYA6VFHRN72WcTR9z6yi
                                                                                                                                                                                                                                        MD5:1C693E6B4C17658F2E2F81F245D81F53
                                                                                                                                                                                                                                        SHA1:C9E2D650B90D0B19642CAC32C07251E4A6443073
                                                                                                                                                                                                                                        SHA-256:ED823EA98320410EC6675FCB555FA34EE295081A3D7653D6CF10E5424E7F2459
                                                                                                                                                                                                                                        SHA-512:58600DF3D1B5B1DA028D4B8EEDC06C953DB6B940F2B9B32EDA6134B50515D7A9C3EC3B47D230FEDED12D0B3F2B6159B9EDE1CD50A880444C562B439C8E3EF82A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....V..........."!..0.............>-... ........@.. ....................................`..................................,..S....@...................)...`......0,..8............................................ ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................ -......H........ ..`...................P ......................................irj.gz...a..0.*.u...3(]a.f'..Drt-.\.R......X..S....z.Y.....t2...x.X..D..7.V\.R'....,.c...m_X.n.....7..B.w.z....D...B.5BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3................................ .....................].........................................m.....q.....D...........P...........*...............................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):130312
                                                                                                                                                                                                                                        Entropy (8bit):6.3785881753390115
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:b21fgY6c2/Pwp2Hj/ygb4xfHIKHnT6IdI0WkHLbjypy6hKl:y1fwyyzKHm+ljrkc
                                                                                                                                                                                                                                        MD5:0D17F379D5E18424C1CDBA037DFE8E02
                                                                                                                                                                                                                                        SHA1:F1D1FF0FD4E3A32AF9E7A2B0EB3D0FEC4586B185
                                                                                                                                                                                                                                        SHA-256:AE4D4D0A9018A3BEE1D1AAADE35872840223B6EA80F42F9ABC8CD94D0173582E
                                                                                                                                                                                                                                        SHA-512:8476EA5D21925EAC7007A0C0F48E3AB95D37B4E1C501FC321ACC41BC0D8E5FF59293EB6AB54314797759AF48997C21204BDE91014BF8C7F553F79471BAF6BC73
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...;.g..........." .................................................................S....`...@......@............... ..................................8....0...........)......,.......T...........................................................8...H............text...f........................... ..`.data...f...........................@....reloc..,...........................@..B............................................0.......................(.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........@.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):21256
                                                                                                                                                                                                                                        Entropy (8bit):6.399232557439348
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:GgyLzP7uC8sYITetzP974PbXWx/tWbYA6VFHRN7PRxB+R9zPdq:Ggy7QRN2FClPRxw9zs
                                                                                                                                                                                                                                        MD5:E71CD9814EAF71614068C87F69221ECD
                                                                                                                                                                                                                                        SHA1:28F617B40E91E60744B9259C5F9CC52F4803EAC0
                                                                                                                                                                                                                                        SHA-256:493CA897860F0B3698041A562A6BA871BA69AE9B2120856AD98A99BF98B9EC8A
                                                                                                                                                                                                                                        SHA-512:BA3205DE3FD4DBE702E088BD93B5F5CA3EB022E29775C7C5A8A20D0C416407889E4E3DD6E28BA63E7537702A2CA4329DC56F64B6CED7D93EA2BB724592DDDC38
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.. ...........>... ...@....... ..............................I+....`.................................}>..O....@..X............*...)...`.......=..T............................................ ............... ..H............text........ ... .................. ..`.rsrc...X....@......."..............@..@.reloc.......`.......(..............@..B.................>......H.......P ......................(=......................................BSJB............v4.0.30319......l.......#~......l...#Strings....|.......#US.........#GUID.......H...#Blob............T.........3..................................................................m...........#...............d.....x...........W...................................;.....~.[.......................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V...y.V.....V. ...V.....V...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Dynamic.Runtime.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16648
                                                                                                                                                                                                                                        Entropy (8bit):6.682833908003748
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:OGMeH1jyMWsmCWpYA6VFHRN7YpjNbZR9zahO:D1SFFClWjFT9z3
                                                                                                                                                                                                                                        MD5:0B5B4A265DF1687CD6CE5A5C0C2B257F
                                                                                                                                                                                                                                        SHA1:FD358CEDBDC44A8635831A27BF201E557564EC4B
                                                                                                                                                                                                                                        SHA-256:1CBD5B22FE6CC0701B8C0A8BDE7D47C9E98FF36F878D7AB21EF6DCC2E07031E7
                                                                                                                                                                                                                                        SHA-512:8764648F88EB51273A25C46E4F87E41DE3F544F56510670D1AA7C10A1393E9B647813AEDD177A7A4D0BEAEF446A7DBF20E00F884071BA4CA08A7861204D739EE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...."............"!..0..............,... ........@.. ...............................e....`.................................\,..O....@...................)...`.......+..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........ ......................P ......................................u6.R6.;..$..y..3+L.,..q?-C+&Mw,me...z.....%.~...L..>.W...5.m.6........h..u.C.W....5..B..[...... ...5.;..........?B|c:c.AqBSJB............v4.0.30319......`...P...#~..........#Strings....0.......#GUID...@.......#Blob......................3......................................>.........W...............................Y...9.r...j.r.....r.....r.....r.....r.....r...w.r.....r...........#.................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Formats.Asn1.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):200456
                                                                                                                                                                                                                                        Entropy (8bit):6.678151949832614
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:vfjQgR2Iits3cbSjp74Cmwkv9Rc5ff3MAdI:vfUy27tScbSjp74CmwTvM0I
                                                                                                                                                                                                                                        MD5:0F50B814E03E5D788050A64A02E79186
                                                                                                                                                                                                                                        SHA1:F4784DE5C05420D20962911E8A9C25BF4A5472EC
                                                                                                                                                                                                                                        SHA-256:62EE5698F9DD0429111B6E206E681774A9A61B89DE860632BA1F1E669E2B4B67
                                                                                                                                                                                                                                        SHA-512:1509426BD27ED3722FF8AAE7BED13FA4BF0DD51211ADE6CA7EF564782952E2A7A4DE3365253A0EB59CD66604D6689F4055AA7977F4E3792188A74316048671DF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...r............" .........(......................................................e.....`...@......@............... ......................................XO...........)........... ..T...............................................................H............text............................... ..`.data...1".......$..................@....reloc..............................@..B............................................0...........................H.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...j.....C.o.m.m.e.n.t.s...P.r.o.v.i.d.e.s. .c.l.a.s.s.e.s. .t.h.a.t. .c.a.n. .r.e.a.d. .a.n.d. .w.r.i.t.e. .t.h.e. .A.S.N...1. .B.E.R.,. .C.E.R.,. .a.n.d. .D.E.R. .d.a.t.a. .f.o.r.m.a.t.s...........

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Calendars.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16168
                                                                                                                                                                                                                                        Entropy (8bit):6.800001141845772
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bas74RqXWDRq4PRqm0Rq7WAYA6VFHRN7rJsYlORR9zP9pv/:1OqKqaqmuqfFClrJDK9zb/
                                                                                                                                                                                                                                        MD5:60EC046F6E006115F5E0F69349B66976
                                                                                                                                                                                                                                        SHA1:47579FAE1C87A132AAD35A7BFB00C34B03ACC3EF
                                                                                                                                                                                                                                        SHA-256:CA6A9C3A0F8F9A2F7310326F5B14BE7BAF5A317AD600A0516A5AF0C49D29C803
                                                                                                                                                                                                                                        SHA-512:A74BA829A1CDF6B32013C3572591E1AAB8D48998B97DA73E4225DA0DE9D2CBAC91D3B51951C2856E1F940639D4A398F48D6CCA0CD62AAAC8713899161997368E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n............"!..0..............+... ........@.. ...............................#....`..................................+..W....@..................()...`.......*..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P .......................................=.c'm'"0N(..|..{Z.%.3..P.G.*^...QO}....e3.W.r...............10N.g.y.j.lZ.Q.EBCI.d...i.6..K.....l<lG..Az.U]m.$...[d...G..x.BSJB............v4.0.30319......`.......#~......$...#Strings....0.......#GUID...@.......#Blob......................3................................................"...........;...........f.......,.................H...!.H.....H...[.H.....H.....H.....H...B.H...O.H...v.............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Extensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                                                        Entropy (8bit):6.829197730895101
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:PluRPWYRgcRp0RjW2X6HRN7wnipR9z+pt9Pa5:PaNVpupWwiD9zWnPa5
                                                                                                                                                                                                                                        MD5:6687C41093EC1E800065E8B9F519C85C
                                                                                                                                                                                                                                        SHA1:A1C75BF69C5229431DAB32AD6CAE238F5C23BC89
                                                                                                                                                                                                                                        SHA-256:727FCC0B9C7F2C8E442B79CB27DDFA0F77C988A3ABCAC1D8AC54B8B5D13FA2FD
                                                                                                                                                                                                                                        SHA-512:C85864BC5DC84D611A2F72AABAF46EB4711F824ECCA6303268C87DA702B3584D7B882C55A16824FDAD5D04F5AE91DD82461B52D1A4767B56362C18B746EB3932
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B^c..........."!..0..............)... ........@.. ...............................s....`.................................h)..S....@...................)...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ......................................l./%..d...w.Ah3C....O.*.~.[....I+.....e.....S6|....q......m.Uo.....X4...Lt...{f[^X|I..o.. K.].m-...~.D......V......1aVEJ.M.3,<BSJB............v4.0.30319......`.......#~..@.......#Strings....$.......#GUID...4.......#Blob......................3..................................................P.....P...3.=...p.....^.....a.......%.....%...w.%.....%.....%...w.%.....%.....%...G.%...I.P.................7.....

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16032
                                                                                                                                                                                                                                        Entropy (8bit):6.722888698554338
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:amQ/APRLWdRMxRA0RHWDSYA6VFHRN7ht1t6R9z7UK9:amQ/k00AupFClht1t29zgQ
                                                                                                                                                                                                                                        MD5:8122E1A69A6500E33056AE1556B83C1A
                                                                                                                                                                                                                                        SHA1:F10E765E55F79FE056B8E0B74C3DD1A04351CFCF
                                                                                                                                                                                                                                        SHA-256:71B712F484C595CEE326A040C8868D11EBB8A28F8E10F58579E76C6B056ED6E7
                                                                                                                                                                                                                                        SHA-512:B1568DC386ACD6C1CB8C5867CADDEE680C228F04A09EFD7616C712F5B2D00EA837F90BDEA28E326750BF6AC5BA639181FCAB73AFF9C2EF73986B9A30D404FBB7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w............."!..0..............+... ........@.. ....................................`..................................*..K....@...................(...`.......*..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ..D...................P .......................................7.)n..a.&.3..... ..]tM.%:.....:%.[....F.5-.....M...L[...F.k=........FZQ.e...Xx~........*.k...LPw......T\.o.{9...+=1AB.BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3......................................).........3.K.....K...L.....k.....w.......B.....,.....,.....^...2.^.....^...l.^.....^.....^.....^...S.^...`.^.....K...........

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Brotli.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):72968
                                                                                                                                                                                                                                        Entropy (8bit):6.528958006044264
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:alBKjElqr5dSOyXb23tCZrEp8RvVifTzb:ab4ElW5zyXb238rjViTf
                                                                                                                                                                                                                                        MD5:AA9B333FA47EABC7D9EAFE6FE7A263FC
                                                                                                                                                                                                                                        SHA1:22C6E5092A6D596737A5398F70F98503B4AA14EC
                                                                                                                                                                                                                                        SHA-256:11C5A8B74E363109C89697BDCAE2EC3A3AE6408FF42D502862E8A7B95E5265A2
                                                                                                                                                                                                                                        SHA-512:22BF2ABFDEA1FACE270E806931CD81EE174F585B59EC2E9D5478D4FDFFEBF3C6F84D8D9B0C47F1A4A833FDCBE4738596C72EC5A3B7A4B0DA7D2EF008920AD460
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....}..........." ......................................................... ......}.....`...@......@............... ..................................P...<)...........)......l.......T...........................................................P...H............text...D........................... ..`.data...............................@....reloc..l...........................@..B............................................0.......................@.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........X.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...4.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.FileSystem.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.724449548328205
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:GOPrezAaWuCmWJpWjA6Kr4PFHnhWgN7acWFv9O4x6RMySX01k9z3Ahts/a:TPcAaWuCmWJYA6VFHRN7Mv9OHMR9z2h
                                                                                                                                                                                                                                        MD5:1A86FF69F935493E236CE382FE70715A
                                                                                                                                                                                                                                        SHA1:BB0A289B47E157FFE16ECC0BF4360E1800616CCC
                                                                                                                                                                                                                                        SHA-256:9AFBD90627BA2A53C73D12C44DA02342899395CA847B0FAA169304C9267F8C2D
                                                                                                                                                                                                                                        SHA-512:0573D7D99D1735F7101F0F80D50126673A8EAA9EF9DA685489BA7F62F9455080CB7E02731960CCE94B9A88DD41A973E9773E87E49B3475372D7E50E5A1E451D4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...+............." ..0..............*... ...@....... ....................................`.................................9*..O....@...................)...`......@)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................m*......H.......P ..p....................(......................................BSJB............v4.0.30319......l.......#~..t... ...#Strings............#US.........#GUID...........#Blob............T.........3....................................................I...........k...................[...+.....7...................................i...........x...........Q.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y......... .............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Native.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):826128
                                                                                                                                                                                                                                        Entropy (8bit):6.112403183100119
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:CJhYe83Gfyv7vrkasX8LZ6dA9NWYIAHhlyR8ZXTw05nmZfRK1o:IYXv7vr5dx9IAniAmZfREo
                                                                                                                                                                                                                                        MD5:83183EED671A225CACCC6335313D2179
                                                                                                                                                                                                                                        SHA1:9A11A9790E64443DE2C26EB52DFC6BD6C74F1558
                                                                                                                                                                                                                                        SHA-256:A0BF4ADBFFCDA63F954F8F5564EC53946AFCEEAA69506F17AE5DB214472C5500
                                                                                                                                                                                                                                        SHA-512:B2871B9DA5D2EF390EF9297D6052EA809EFE4EDEEFAAF53221B029C93C064FFB2E3499F2A8A827A8B0A0C40A441627AA4B7485C72B082F5BBAF13F5BC9E4F193
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*.ORn.!.n.!.n.!.g...b.!... .m.!.n. ./.!.<.$.q.!.<.%.d.!.<.".f.!...).@.!...!.o.!.....o.!...#.o.!.Richn.!.........PE..d......f.........." ......................................................................`A.........................................V..<...<Y..x.......h....p.......r...)...........&..p...........................0'..8............................................text............................... ..`.rdata..._.......`..................@..@.data...,....`.......H..............@....pdata.......p.......L..............@..@_RDATA...............j..............@..@.rsrc...h............l..............@..@.reloc...............p..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.ZipFile.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):39688
                                                                                                                                                                                                                                        Entropy (8bit):6.509096272626782
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:0WPIIWzAp7Xgjg1al2Yd5zDN2g47XCIYUvsWIXpuJFH9CEUoGdqtHfSBGU0ypu+H:+OwDf4gMCUUjgsEUtcGpXvFClVRxw9zf
                                                                                                                                                                                                                                        MD5:B9C3C7F050ADF5D8AB365AB6D3587286
                                                                                                                                                                                                                                        SHA1:0FF43EDC2E21828E491CD662B379A7F69FD5C016
                                                                                                                                                                                                                                        SHA-256:25EACA54AA1CDF58C6EDF379C6F61674C968DB982E56CBF5072576E058B679A3
                                                                                                                                                                                                                                        SHA-512:54780E0040B03CB1783F8FB8177AB57F3C1E70D1279B3B4C40E9E84F291309F7DDDFF2893F11652DEBAA68FA7CE5EFFBCAB6A43198A967408D777D5E809F39C8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...O............" .....d..........................................................2.....`...@......@............... ..................................P.......4....r...)..............T...........................................................P...H............text....b.......d.................. ..`.data...e............f..............@....reloc...............p..............@..B............................................0.......................@.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........X.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...4.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):267056
                                                                                                                                                                                                                                        Entropy (8bit):6.676156102505666
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:pPlVaqxaMRqarRTaoJLaT2uPhMSt3JiTHqE0F8LVq/GMjya953xieUbwn+3cCEqC:j0eD8xwgiTzVqXtpIMV/cOVjKGb
                                                                                                                                                                                                                                        MD5:649DBDC92B5DBD1607A1F6B650BEC02C
                                                                                                                                                                                                                                        SHA1:F41CEF14036CE1B578720F43F646D24B09E74DA5
                                                                                                                                                                                                                                        SHA-256:732AADE5AC1542E66ACA020BDC2C8BFDBCEC21168F7B347F88A844315713AA8F
                                                                                                                                                                                                                                        SHA-512:2C8D70EF32E5840276A1EBE3215FB6FDFDFEFDDEBF392970578F1C9B2AE33B100980BBDA639A51769CAA07A3046E22DF1D6CD9DFE6A0E10F83F0A0941CAD740D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...).1..........." .........@......................................................&.....`...@......@............... .................................. ....j..T.......0)......@... '..T........................................................... ...H............text...1........................... ..`.data....8.......:..................@....reloc..@...........................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........(.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.AccessControl.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):93960
                                                                                                                                                                                                                                        Entropy (8bit):6.568373020345826
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:QaWBXrBsyesUkP3IYoXxs6+gvXYqFBigvfL4iuz0:QdBXr2yrIjo4CCT4BQ
                                                                                                                                                                                                                                        MD5:6F62AB0BC69B1115DB7EA79AC22B249F
                                                                                                                                                                                                                                        SHA1:DF95F07D55F58EBE9323F7F3CB4C53B4A4E16D28
                                                                                                                                                                                                                                        SHA-256:388D827290273301ECE6A797E2021238675BBDB424C520F4CF922C5420F4B9B7
                                                                                                                                                                                                                                        SHA-512:9AC0230B59FE22C30B381A294CC3C4B8FB43FB17268C810172CE2B35337467F4A0501C7DAE3C140FA37465ABCAD2D830C6D63F1A278ABBFAF2ADAB315F024E5C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....`..........." .....(...................................................p.......>....`...@......@............... ..................................t...T/.......F...)...`......H...T...........................................................x...H............text...w&.......(.................. ..`.data........@.......*..............@....reloc.......`.......B..............@..B............................................0.......................d.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........|.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...X.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.DriveInfo.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):42784
                                                                                                                                                                                                                                        Entropy (8bit):6.444572054452613
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9WUWyWquDVCHWl2Yd5zwNirXKT2JoYuchKG46JdicX+zu6CVy1/8K4Y5eHs+dLiq:ovf/mv36JwcXKLkK4YoSL1W9U9zG
                                                                                                                                                                                                                                        MD5:467F13402BC600AE9872E7A82D891D1A
                                                                                                                                                                                                                                        SHA1:837E11B9B7C67B617538958267849DBC3B080EF1
                                                                                                                                                                                                                                        SHA-256:B26AEB1B48380512658550F2BE2C196C46F067FA5014E5C0693A289243364D4D
                                                                                                                                                                                                                                        SHA-512:2440286517E87F5D93446271C5B10AD53C1E7EC21E5C59B067392A6935E5CDA73F5750398859BCBB204511025C4D5633E3BA9220FFFDA31D2EB0683217508126
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...}=............" .....p..........................................................I.....`...@......@............... ..................................\............~.. )..............T...........................................................`...H............text....n.......p.................. ..`.data...s............r..............@....reloc...............|..............@..B............................................0.......................L.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........d.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...@.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15632
                                                                                                                                                                                                                                        Entropy (8bit):6.8279746301481845
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:QdhYqx9jW/uqWjpWjA6Kr4PFHnhWgN7agWirdIhHssDX01k9z3AGWym+:QdJ9jW/uqWjYA6VFHRN7FriFDR9z7Wa
                                                                                                                                                                                                                                        MD5:6334DFF8984928C204C051F8BB212F73
                                                                                                                                                                                                                                        SHA1:2C64DDA4206516603475EC7AD9539312F8019666
                                                                                                                                                                                                                                        SHA-256:EEA42A0A145C32604C595A6A0A1AA1221AF7C5FF78F4F68C5A274A6239A1A834
                                                                                                                                                                                                                                        SHA-512:443A2AEAAE4E5F74DA8B41F1C6EF8E6C653E07B1238516650DB835298850D44DB87EB55C8A71A8EB90CEDDEA3C2B81A6F3655FF4C1FDAE7B72FE6C9CF48B61F9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!C............"!..0..............)... ........@.. ....................................`.................................`)..K....@...................)...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ........................................E....(r...;.=:|..~P...m.'...tAI.y.#.;......k.....l..........T.G.R.!.a.....#.-...D.2.:X.5.ku.|.[.9W.......v.(L..6.....j;..\BSJB............v4.0.30319......`.......#~..L.......#Strings............#GUID...,.......#Blob......................3................................................!.J.....J..._.7...j.......................E...........Z.......................A.....s.....u.J.................1.....

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Watcher.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):72456
                                                                                                                                                                                                                                        Entropy (8bit):6.538568534245824
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rFuxG26GxE6ILBZ2ds7lgIdVI0bWG5izpzWeA:rkxpVWlZh7lR7I0bp5+pyeA
                                                                                                                                                                                                                                        MD5:6856A5853399F7C86959542D4ABE32D1
                                                                                                                                                                                                                                        SHA1:9AA4CE1651EAA297E15AA9F8F784B94D606242E5
                                                                                                                                                                                                                                        SHA-256:A101BBC1337F65C6BE09AC88854029AFBE9469528B659C92CC32BAE1CAC1BE36
                                                                                                                                                                                                                                        SHA-512:C5B66CEA3FA103FC05E0A58F6F5D8B4C2B12AC11ED32FB873C1F4C90D35F49B508BA28F87A9AE85758A20151C8A5D7CB6575FD3BD6AC0702272F2E8F8C399047
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....A..........." ......................................................... ............`...@......@............... ..................................P...d(...........)......p.......T...........................................................P...H............text............................... ..`.data...............................@....reloc..p...........................@..B............................................0.......................@.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........X.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...4.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24328
                                                                                                                                                                                                                                        Entropy (8bit):6.349400167788197
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:wz5aPWc+mFnJ85Zu+m2sqjd5z5nNkch2LthOWyy2WQYA6VFHRN7i2R9zza+AsT:wIP7Fn8dPfVqekFYFCliK9zMS
                                                                                                                                                                                                                                        MD5:A45852ED049BBB2BBC5036E3909FCB7D
                                                                                                                                                                                                                                        SHA1:93A8FBFD22D84182944949C1619AD1181CD339EE
                                                                                                                                                                                                                                        SHA-256:9EF524A46534029C549509E464CD5893E32FBDE5EF29BD00AA2020AA5C5CA7FC
                                                                                                                                                                                                                                        SHA-512:058CC5F00A6965DFE2F650B7D4FDFA41F53ECA95C1BD7DD3F0A0113D8DA7C643FA0D41AD4F86F51AB4BBB7486485E08064F2CDED437652170F597BDF143EFDF0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f./..........."!..0..,..........NJ... ........@.. ....................................`..................................I..S....`...............6...)..........LI..8............................................ ............... ..H............text...T*... ...,.................. ..`.rsrc........`......................@..@.reloc...............4..............@..B................0J......H.......h?..............P .......>.....................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....9.......PADPADP..7../...........S.t...p..T...3.2...0.J.M.*.=.0....bAA. .e......"....N..~..s...@].Sew.s.t.7.4...5.......x..........]..Q~........#n..'.<.+2]./...0...2.W.4...4>..5q..:...>(.3OL"PP^..V~..VV..eRaDf.3.f7..f..fj.Hpj.1.j..&u

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.IsolatedStorage.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):83720
                                                                                                                                                                                                                                        Entropy (8bit):6.496857838837457
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:o8cy0w9JvivZVauxGHUopdNeU+Mf36HZMV8cidIzN:om9JviyuxGHUopdNeuf36HKqcV5
                                                                                                                                                                                                                                        MD5:3B2A12A984CE0BF13D5456E2A1A8B7E1
                                                                                                                                                                                                                                        SHA1:9AFF09FBE28F6229A568EFE481649427B9E940EF
                                                                                                                                                                                                                                        SHA-256:E93461BD9BB50625F8EDB92B80747C73BBCE2012058E8ED18CB80ED5BE0C8C4E
                                                                                                                                                                                                                                        SHA-512:94331602911AB39A5EC816562F5D29B7982B180FA7A88C752C4E58B5E95281F94B97BF95E33CA6643977EB4F4D88F4BC153E1FBA10FB460803636EE93D134B04
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....H..........." .........................................................P............`...@......@............... ..................................8....,...........)...@..........T...........................................................8...H............text............................... ..`.data...}.... ......................@....reloc.......@......................@..B............................................0.......................(.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........@.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.MemoryMappedFiles.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69392
                                                                                                                                                                                                                                        Entropy (8bit):6.416282203605119
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6q4zbv1VnpSetYSxycVFidKg0WWcnic23zc:6jv1SetYMXVMdKg0WWm634
                                                                                                                                                                                                                                        MD5:A28A3AA833134E59F793389AFF65DA55
                                                                                                                                                                                                                                        SHA1:5ECE44F0ECC710BA0732633B7078A70867936964
                                                                                                                                                                                                                                        SHA-256:C9774E7FB725A7517BCC758832F2FC3046EECC5DC05656757BF3E6B555340289
                                                                                                                                                                                                                                        SHA-512:3DF973C8247E2E1277679F9C6F2FB8DF0B8536BCE073455E3AB858D2F5674E7A49E6D0C90953AAC09480859D72373CA750CB6A094AEC8656CB5D151D305C721D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...N............" ......................................................................`...@......@............... ..................................D...@%...........)..............T...........................................................H...H............text............................... ..`.data...h...........................@....reloc..............................@..B............................................0.......................4.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........L.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...(.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.AccessControl.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16656
                                                                                                                                                                                                                                        Entropy (8bit):6.796773675745742
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qhedWmW+lPWp2YA6VFHRN7IP2IR9zo+CK:qhGl/FClfU9zwK
                                                                                                                                                                                                                                        MD5:6CA91D68B229B7FB22BAF4CD90E3B6DF
                                                                                                                                                                                                                                        SHA1:5992816675CDF4A308AE3ED4B067333E2A6136DD
                                                                                                                                                                                                                                        SHA-256:457210C9BEE0BC23BB939A0C066648A1BF644EFC2E688CD5B9A34A0887E8B9D7
                                                                                                                                                                                                                                        SHA-512:BC229BE933AA3AC268A1DB6F3D72BBBFEE17132D9E219A811D191FF119F127E3640B26CF00913716CE431BE17314D2F5300A4FB55C9709E7A91DDF4B6C6838A3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H............."!..0..............-... ........@.. ...............................d....`.................................4-..W....@..T................)...`......p,..8............................................ ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B................p-......H........"..............P ......h"...........................................<linker>.. <assembly fullname="System.IO.Pipes.AccessControl" feature="System.Resources.UseSystemResourceKeys" featurevalue="true">.. System.Resources.UseSystemResourceKeys removes resource strings and instead uses the resource key as the exception message -->.. <resource name="FxResources.System.IO.Pipes.AccessControl.SR.resources" action="remove" />.. <type fullname="System.SR">..

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):136456
                                                                                                                                                                                                                                        Entropy (8bit):6.505276293770358
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Tesr1AT4UdLwfR0CogtN6gQTveCMi0eZemClyk87hv/d4:dAk0EtMgCWS0tev/W
                                                                                                                                                                                                                                        MD5:9B7CB60F3687BB167C364027C69BE75F
                                                                                                                                                                                                                                        SHA1:F7D769F90F6FD22C121068CEC9AEC982CDB8511E
                                                                                                                                                                                                                                        SHA-256:ED9A1BFEC6B09CDDE2BB9FD7360C317A8FA536A39A211C649BC09324F6230455
                                                                                                                                                                                                                                        SHA-512:8428475F090AC092B2F97A824FA37AC21CE033C879CA082C93C3A127AE9086851997691CBFA85C232E96401D7347C2C075078A1A61DDEEF02D9A6AC095BFC776
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........(............................................... ......@H....`...@......@............... ......................................H;...........)..............T...............................................................H............text............................... ..`.data....".......$..................@....reloc..............................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.UnmanagedMemoryStream.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15632
                                                                                                                                                                                                                                        Entropy (8bit):6.835129073107362
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:pRHaXwxxx0SsWj6+WCpWjA6Kr4PFHnhWgN7agWtu8RwX01k9z3AeJR42Z1Of:4wb+ZWj6+WCYA6VFHRN7n9R9zrJRLZ1u
                                                                                                                                                                                                                                        MD5:255A63BB93AC8BEE021387B56A829104
                                                                                                                                                                                                                                        SHA1:B2BA88675BE4E005FB696ADEF5E99ADF2DEFAF47
                                                                                                                                                                                                                                        SHA-256:AAC0BCE431DE0D833394371359AE5BDD94B369C77733AA078B2EFAACDFCCCB2F
                                                                                                                                                                                                                                        SHA-512:3BB01D1F576C03895B0AA235624EC5B868EAF91621F997018A8F6EFBF469FD930AB548B4F1450D2B4AA543388BA4B9645284CBD2BEF0F39370341E911E1919A3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\..........."!..0..............)... ........@.. ....................................`..................................)..K....@...................)...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ......................................Q..].i...........k;.!..)zw.V....0/(J......$L.....1i.A.+..D5.....G.|.&.c.va7.c..6L..!R......N..3...........RO........D....#BSJB............v4.0.30319......`.......#~..<.......#Strings....,.......#GUID...<.......#Blob......................3................................................,...........E...........p.......W.................^...+.^.....^...e.^.....^.....^.....^...L.^...Y.^.................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.684716827535747
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:5bn83gY2W25bWXYA6VFHRN7Mm2R9zza+Qjb:1ndlcFClDK9zM/
                                                                                                                                                                                                                                        MD5:CCA0BFF7447B36C3585BD58E7331553C
                                                                                                                                                                                                                                        SHA1:60F98F8F0E64CC99C3870ACDF6853305E95DB2D7
                                                                                                                                                                                                                                        SHA-256:B772B9323E9E0C1B1E30FADC067A972132A434DA35B7FBF94F83E3DFD7D18F5C
                                                                                                                                                                                                                                        SHA-512:640926BB6951D915F40372A4FA8F200304EA040ED6D066D9EBFF06C104AFEF52091CEA415574A20168B0F90EBB8C60E491E11DA311ACCCA4DCC16DF3F426B20A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j............"!..0.............~*... ........@.. ..............................7-....`.................................0*..K....@..(................)...`.......)..8............................................ ............... ..H............text........ ...................... ..`.rsrc...(....@......................@..@.reloc.......`......................@..B................`*......H........ ......................P ......................................P....].&`..9.wl....R....k.SI}iK.N. ..h...1F......4.Y....eI9.......i.;.L.hN...a.G....w6..0....Q.#...8. {.%....2Eh>8i]...aBSJB............v4.0.30319......`.......#~......8...#Strings....,.......#GUID...<.......#Blob......................3............................................................=.....).....h.....k...........#...........8.............................Q.....S.........................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Expressions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3857168
                                                                                                                                                                                                                                        Entropy (8bit):6.688507729288586
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:NcJRCkV0qWhSxCKB+GuuYKfM21hDPX7dRVLTeeYjGt553P77zbr7jrgrr+69NHX6:GJRCBhSzBpzfl1mja52rr+ANHXUZ
                                                                                                                                                                                                                                        MD5:41FA254B55E24CEBCACF5076FC3029A5
                                                                                                                                                                                                                                        SHA1:772DF03395D545DCAD32AF8F842FBB5BC1D208F8
                                                                                                                                                                                                                                        SHA-256:5FF8E5B5DE3AA34EC78E7242B4A79031C8193708DF7D558BAB940BC7AB9BF44F
                                                                                                                                                                                                                                        SHA-512:0DA185EE166679EE8F984D6319EB775C23E047FC064D42FB753B756464F95E336FFEF2537DEA09AEF2350F48C16CE1699A038C6E6EB4520A4492CF6A7E537B20
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....k..........." .....F4..j................................................:.......;...`...@......@............... .......................................(........:..)...p:..b...w..T...............................................................H............text...(E4......F4................. ..`.data........`4......H4.............@....reloc...b...p:..d...N:.............@..B............................................0...........................<.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...x.....0.0.0.0.0.4.b.0...H.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...L.i.n.q...E.x.p.r.e.s.s.i.o.n.s...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...X.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Parallel.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):848680
                                                                                                                                                                                                                                        Entropy (8bit):6.7973776393266006
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:gTwW686EirtG6ywFx+6iYr9MRNAj14rjc6HqsXOnJcRVaeTz6tFe+sSc:gerswFx+6iUl4d+JcRpkFe+S
                                                                                                                                                                                                                                        MD5:E2CB15F2999A77A88DD9387E291F5642
                                                                                                                                                                                                                                        SHA1:8471EB6244175E636C8F8725E194955F046A8C38
                                                                                                                                                                                                                                        SHA-256:F025EBA4ACCD76656B7FC7ACFA35A2DA5FC22C03003EDFDC7769343B352E35FD
                                                                                                                                                                                                                                        SHA-512:C1D1A76FA934A74EB333CA69CFEBA23B4B68174EB0EB817BE81FC33831C980EF248444541AC97A13AFEC4E0714A2732D2DC399E2FE738C96905EE71A501E6D52
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .....V...r............................................................`...@......@............... ..........................................8p......()......P...0...T...............................................................H............text....U.......V.................. ..`.data....X...p...Z...X..............@....reloc..P...........................@..B............................................0.......................t...,.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...h.....0.0.0.0.0.4.b.0...B.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...L.i.n.q...P.a.r.a.l.l.e.l.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...R.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Queryable.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):228616
                                                                                                                                                                                                                                        Entropy (8bit):6.512443359566012
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:RZIyoRf1vQ4cHZEAAJLX02JiReD2bY7i+I/4n148cJE87MZzZiqGM+3aTol2iYIv:Rfo91vQbHZtuz02gb8dn5cgZ9GXVICv
                                                                                                                                                                                                                                        MD5:0FD8A529D17BDEC60A3D941E5BEAC4FC
                                                                                                                                                                                                                                        SHA1:08FEAFAE32E7CCB861F34034599B53C368E6DA5C
                                                                                                                                                                                                                                        SHA-256:7B1E83169F3865DB64C05C4CCC1C913E868E8B675B78B734923BDDE7E15ACE50
                                                                                                                                                                                                                                        SHA-512:8181FBB05721ECB49B97787A935E23F21770DCB8A7AA3C1FA554D8A096BD5F2F7A7D92BAB2443E5148173E832EDAD9B6D3006292BEFB2D3C69C7D7B5912B749E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...;.b..........." .........z...............................................p............`...@......@............... .......................................4.......T...)...`......h...T...............................................................H............text............................... ..`.data....n.......p..................@....reloc.......`.......J..............@..B............................................0.......................t...,.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...h.....0.0.0.0.0.4.b.0...D.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...L.i.n.q...Q.u.e.r.y.a.b.l.e...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...T.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):537896
                                                                                                                                                                                                                                        Entropy (8bit):6.825953112999709
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:vLvJrD97IezrSLW5iIEobS5lEPsypTcenKskBvYvvyejaQO02KuAlz8J1J4+PDx8:TBrZ7IJ65iIET5mYIKsk8HQ8UASxW02
                                                                                                                                                                                                                                        MD5:DD7DD41A5EF369048A21784A73993E86
                                                                                                                                                                                                                                        SHA1:27A030563148509EBDC9E983E18885E621CDC26D
                                                                                                                                                                                                                                        SHA-256:F77B6D40B0B23614975F9124E337D7839194E2108D1C047D8DAE3F3F04ECD429
                                                                                                                                                                                                                                        SHA-512:C3823135C67A8492B507DCBE712D92821F5E896931C3B8C797FA9040E7D525842CABC0F196C0C5527F08D266A01EE3066B2F1E4930DC9EF833E6D85978736FFC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....p............" .....`................................................... ............`...@......@............... ..................................4...$...8F......()..............T...........................................................8...H............text...._.......`.................. ..`.data.......p.......b..............@....reloc..............................@..B............................................0.......................$.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........<.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...0.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...L.i.n.q...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...@.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m...L.i.n.q...>.....F.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Memory.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):173832
                                                                                                                                                                                                                                        Entropy (8bit):6.801666674835895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:ft95NfdOt6imRtccnfS7h+y6fM/XkFPh/h/tmlTYrADS12UogJv8Xx:bdOtbXcn67h9oPh/hwOUD0v8h
                                                                                                                                                                                                                                        MD5:07F04C8E412E1BB8FF3D064D95C8AB4B
                                                                                                                                                                                                                                        SHA1:ABAE696A98F55D279925D82E9AB0246EDD8D6B1F
                                                                                                                                                                                                                                        SHA-256:F999676C4E7AB2CDC76C75CBED43B7D323BCDAF75669D6676DA398E013CDC013
                                                                                                                                                                                                                                        SHA-512:E519C50F8781E2C4A61C41356F79C735885493DC7B8A457BD3DAC19B51305A71A33E8D158F1887F60DF62517ADC852666CBF92FE2C2AC04B6AFFA02413A7534D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...7............" .....P...,......................................................?.....`...@......@............... ..................................D...d<.......~...)..............T...........................................................H...H............text...(N.......P.................. ..`.data....'...`...(...R..............@....reloc...............z..............@..B............................................0.......................4.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........L.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...(.....0.0.0.0.0.4.b.0...4.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...M.e.m.o.r.y...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...D.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m...M.e.m.o.r.y...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):82184
                                                                                                                                                                                                                                        Entropy (8bit):6.572349354143923
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536://dC1+VOgCV+QC9Dwp0wRlK0lB5YjbwRHUf7CN75q6+8J8iGpzWNRBtg:/FC1BgCV+z9DWK0z5YjbwGCnt+82bpyc
                                                                                                                                                                                                                                        MD5:E95B96BE68BED8BBE120B9E2AF1C655B
                                                                                                                                                                                                                                        SHA1:698CB970A23D5C3A749B9D1723EE7C7D9BC9381F
                                                                                                                                                                                                                                        SHA-256:932409C163BA3351DBBA8DB638CECBE9D0224C96142EF9B57459009866CB72F9
                                                                                                                                                                                                                                        SHA-512:290D367F1A740F61F908459955CE625022E5291B4F888D2200258559C9153E70EFAC7DE94063A82CE992E4A281BD13E16FDB42E289843B9A69FB61D9D935BE93
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....m............" .........&...............................................@.......M....`...@......@............... .......................................*...........)...0......(...T...............................................................H............text............................... ..`.data....".......$..................@....reloc.......0......................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....D...C.o.m.m.e.n.t.s...P.r.o.v.i.d.e.s. .e.x.t.e.n.s.i.o.n. .m.e.t.h.o.d.s. .f.o.r. .S.y.s.t.e.m...N.e.t...H.t.t.p...H.t.t.p.C.l.i.e.n.t. .a.n.d. .S.y.s.t.e.m...N.e.t...H.t.t.p...H.t.t.p.C.o.n.t.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1807120
                                                                                                                                                                                                                                        Entropy (8bit):6.72377514511698
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:K+gRWsMsT/8SuPB0eDHxY6AnUIV2Et7+JSy6HJXwpkUrBc:K+gRHM6uPaeDHxY66UIV2PRaJ6a
                                                                                                                                                                                                                                        MD5:DE6AAE454E722E3F6338983C3E292B9C
                                                                                                                                                                                                                                        SHA1:4300C95F41916EFA603314963CA0E70FDB8F7E47
                                                                                                                                                                                                                                        SHA-256:6537558C53FC3F52C714D0B42CE52010D91C66BA040AEE1B57B58D1361AD075E
                                                                                                                                                                                                                                        SHA-512:BEF4AE8B7D5CB732DE8DDB473E04E9B96597075EB2B20A2D812732450CFEA6313C271018CDE87F0DC47BEEAC7ED7B75D8915FDBEBA09A272D2C4C95D04F71F4D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...*B............" .....^...............................................................`...@......@............... ......................................dt.......j...)...`..(....u..T...............................................................H............text....].......^.................. ..`.data........p.......`..............@....reloc..(....`.......L..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.HttpListener.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):639152
                                                                                                                                                                                                                                        Entropy (8bit):6.675826804479448
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:SAaST6MSRsRshV3P1ZE7Ap0FTRNN3RdR9R5ijQz9Dl6Tm:SAgF02J8TrWkz36q
                                                                                                                                                                                                                                        MD5:42F40FB38738D1F24D4DFCAA2491A274
                                                                                                                                                                                                                                        SHA1:0009AE9396D79E06D03323D8EAD5A6240B34ECF7
                                                                                                                                                                                                                                        SHA-256:9AD8BAE6EDEFBF35B8BBCE5DFCB5B058AA3B9A23F6836CDFE60601FD693EEB43
                                                                                                                                                                                                                                        SHA-512:B0C367588287226B148F5F3E2498423AB56B06EAEC327CCE52CDDAF05B4988EA5F5DA839F7BC5B8864724A875780FB42A51347AE260305E4A2EA87245095275C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...!............" ................................................................1.....`...@......@............... ..................................,.......p;.......(...........3..T...........................................................0...H............text............................... ..`.data...............................@....reloc..............................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........4.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Mail.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):552248
                                                                                                                                                                                                                                        Entropy (8bit):6.681552978241307
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:04YNveL6eFP1XxuNT5L2B2APiOLlbH5GAgZFd3qU:sa6A9XQ5FbP
                                                                                                                                                                                                                                        MD5:312C76ADC34A80AD00C01E036FE99893
                                                                                                                                                                                                                                        SHA1:A0E437A0CCAD78699EBC165E068182741C50C247
                                                                                                                                                                                                                                        SHA-256:558D751335D9ED63C6220F8B52DF1D5BE7138B844DD55A0ADBE0515EF3EEA9B1
                                                                                                                                                                                                                                        SHA-512:017BAEC878110FDDD6CD39AAD9E2DD7F7FB7ED274D85C82F81D8CDB2CE1B942A24E0DCFEAD50E2F27F6ECBCA8122CC7200201E8C105DC5E02F9BBE547FC14333
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....f............" .........................................................`......l.....`...@......@............... ......................................x....@...D..8)...P..T....2..T...............................................................H............text...P........................... ..`.data...*z.......|..................@....reloc..T....P.......8..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NameResolution.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):101136
                                                                                                                                                                                                                                        Entropy (8bit):6.58531291273166
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Nc8vDWisUZDWj5CkxyB0flOpiJvXVIb1C:rvtpz4JFIs
                                                                                                                                                                                                                                        MD5:1EA4AFF32FC894ADFAB80ACBA0911FFE
                                                                                                                                                                                                                                        SHA1:F7E6D194EB406373E7C51361C732CF14130DC0A9
                                                                                                                                                                                                                                        SHA-256:6A4014CCD490E0BAD0A2521F5C0541037E945F8D06067777D90EC0AB1116579C
                                                                                                                                                                                                                                        SHA-512:B19735B5117625559BE7E9B720850B19052FE5F0910C5C311E1302C41A1D820D207B290671D23DF86F045FB693A8019EFA6752682DCA61DEC447C200C459E937
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....m)..........." .....8...(............................................................`...@......@............... ..................................8...X2..(....b...)..........X...T...........................................................8...H............text....7.......8.................. ..`.data....#...P...$...:..............@....reloc...............^..............@..B............................................0.......................(.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........@.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NetworkInformation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):150792
                                                                                                                                                                                                                                        Entropy (8bit):6.573942436665297
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:dwGzr+JIgd5GfZOB7jG9LysLUYxPZLVXQ2Vf8ync7D+1TSapyLX:pr4Ia5GG7SLUY5fnp1+Db
                                                                                                                                                                                                                                        MD5:03F87B913BFE0EC24269251A9A6D0853
                                                                                                                                                                                                                                        SHA1:D2556A98ABC04D0DB2143B4AEB6BC80D97C51A83
                                                                                                                                                                                                                                        SHA-256:855A2B2D8AE418B3144D6A110DB09410A617D63A47B190EF51D66E018B5E68D5
                                                                                                                                                                                                                                        SHA-512:CAF1DA84B24C4EE8457248C60BCBB65247F3EBB31C789F270EB630B5D9305622724E6BC13411AA254F91471EA97DEFBE56A77E21E27B3F482923D35EBFB0F9C4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....%............" .........0...............................................P......7.....`...@......@............... ..................................P...p;.......$...)...@..h...0...T...........................................................P...H............text............................... ..`.data...L*.......,..................@....reloc..h....@....... ..............@..B............................................0.......................@.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........X.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...4.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Ping.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):79136
                                                                                                                                                                                                                                        Entropy (8bit):6.588702845265931
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:yS1PRHHY1TVcdoU0ZMg4m5IL2SvKBpKY37PWWDczF:yg5HHYVdd48ILepK86/B
                                                                                                                                                                                                                                        MD5:9BAAB57800A8916FC5F8A34ABD4369A5
                                                                                                                                                                                                                                        SHA1:9C9B2A43F51929E676DF7946BB67C3F6DC9AA541
                                                                                                                                                                                                                                        SHA-256:6AEB6CE1FE5C3A96845DD577F40D556CC3B88E23518396B14004EBCAA99455AB
                                                                                                                                                                                                                                        SHA-512:0FEF94A0C557740E0B538F103039A5A3E8007A6C150C88BAAA1552A5D77F1D68F61A876489F496139F001C1897DCC6A5677DA2BF55B2EF3BB42CE644497C2840
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Q............" .........................................................0............`...@......@............... .......................................,..D....... )... ......@...T...............................................................H............text............................... ..`.data...............................@....reloc....... ......................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):214288
                                                                                                                                                                                                                                        Entropy (8bit):6.692866532143802
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:vtjvFk4HiSLahyjGNbykDXO3bf5G+bHX7T1sWkN6OcE/64BWm1/2us/6M6eURoi5:FbFk4C5y4zOz53h+5fwR6eSo9kD
                                                                                                                                                                                                                                        MD5:D45721810B97663F99E10123DDFFEA4C
                                                                                                                                                                                                                                        SHA1:400FA1A9C317DCDAF5A6229B713B3803BB6879A9
                                                                                                                                                                                                                                        SHA-256:1AA669D54F4BBA84C1833E4C6C7FCD6C5057412618604F48844BB79B9FE0AC72
                                                                                                                                                                                                                                        SHA-512:3932DDE0AB8EFF7A0A1DAACA9A6C0F29A17A6F55039F640AEBBEE61CBA07567FE756F5F6A6A787ADFBCBB268A73861F5FE51C177380C3B783D380883DD2F16E9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....>............" .........:...............................................@............`...@......@............... .................................. ...\V..<........)...0.. ....!..T........................................................... ...H............text............................... ..`.data....3.......4..................@....reloc.. ....0......................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........(.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Quic.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):293640
                                                                                                                                                                                                                                        Entropy (8bit):6.636078633076518
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:mvExTiARl6gq1zPt3CxPpuLdDmRw6WSL/l6eohgni:lR/j6XzBCxPpuLRm1l6Xmni
                                                                                                                                                                                                                                        MD5:FD789783FCE2564634EA2D47D4CF14CB
                                                                                                                                                                                                                                        SHA1:4C4C721EEB969A869625F64150759EA236DA1E7D
                                                                                                                                                                                                                                        SHA-256:7E5A21124CD63F428A24B78290569628F16C7C0D58BD4323CE358B235031AC98
                                                                                                                                                                                                                                        SHA-512:B0C4F2072E239312ACBFA868E5A69957CBAF058A189DB1DC4B2DD2265396C69C6A5813B8A8FF1D18F7950A93D3AAD08B51AE58805E1E14891EE8BA873D528886
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........n.......................................................*....`...@......@............... ......................................xw..|....R...)...p......H&..T...............................................................H............text............................... ..`.data...Re.......f..................@....reloc.......p.......J..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Requests.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):349456
                                                                                                                                                                                                                                        Entropy (8bit):6.619249857259698
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:ymhqNLrajj/iS/9z3E8djsPOkdMA4f5G/eopZFBq1Y:y8YPafiUWXAr1Y
                                                                                                                                                                                                                                        MD5:646F04A2738C65F25D1934E497ACFBA7
                                                                                                                                                                                                                                        SHA1:19850A695DC06568C4B4766A2BDF4D0383A6A273
                                                                                                                                                                                                                                        SHA-256:68BD9418A0B1ECBFD4202F145D00C0D23BB40F1936964A2B7EEB979053B234FA
                                                                                                                                                                                                                                        SHA-512:88664A6FE955AC149EF6C4E5DAE49D414BE01B7FDCC7BD3BF578B84BC84D63BCC6EB12BC53495C255E19A3977877C04DACFB2D5D078AAA4B2B0E9F0474383CC1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........p...............................................P......,.....`...@......@............... ..........................................*...,...)...@.......+..T...............................................................H............text.../........................... ..`.data....g.......h..................@....reloc.......@.......$..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Security.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):685320
                                                                                                                                                                                                                                        Entropy (8bit):6.8245378715729474
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:XiPF+HUmX2XIw9BaNGRjpgPzLoLLwCvUX3L/Z9q92OD:XiS7X2N9Bki8k
                                                                                                                                                                                                                                        MD5:CA07464D94CC02F114CDA16BD19CCF01
                                                                                                                                                                                                                                        SHA1:552B26F881040EF5622E4B8B728D9F964CAC7B99
                                                                                                                                                                                                                                        SHA-256:EC1941E90A90CDE9F11CFCEF96B7618790EC321E760E4F3AFD53096DE7179484
                                                                                                                                                                                                                                        SHA-512:7BD77B75539065AA42F04A62928E22D3BF823026597398D8923BB9C12E034EF183E629D39A5C7324D17BF50B3064F5D009DDC2916B2C7EB9EAF3FEDD180DF5C4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...;)............" .........................................................p............`...@......@............... ...........................................<...L...)...`..<...(-..T...............................................................H............text.............................. ..`.data...............................@....reloc..<....`.......@..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.ServicePoint.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):37136
                                                                                                                                                                                                                                        Entropy (8bit):6.50638514033971
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:NW+nFWGN7798x33dWc8fIY6WxR6OU1RpnJ87bxHKnfrjRYFSlxgdg3a2myQJNx9x:jTJyMBing5AD9wggDsKmqrFClA9zJ
                                                                                                                                                                                                                                        MD5:33F1488B82619B32EF30D8FA10932A83
                                                                                                                                                                                                                                        SHA1:073459116F208778B98A4B996984D6ABF742D820
                                                                                                                                                                                                                                        SHA-256:F91AFB1582BDD85D9B6CC6D4E5774169825E73E4BCD3A36C4408D37637731CC6
                                                                                                                                                                                                                                        SHA-512:96DF7CBEB36BF3CBB460DD6F531CD30971DE904A55354F9B9ED3FD67A3B0DD7800EDD2400EBEB9A329AF707B0232BA280FBC6B9C5690AF5F391CA2CC26131672
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...$............." .....\..........................................................-i....`...@......@............... ..........................................`....h...)..........H...T...............................................................H............text...KZ.......\.................. ..`.data........p.......^..............@....reloc...............f..............@..B............................................0...........................<.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...x.....0.0.0.0.0.4.b.0...H.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...N.e.t...S.e.r.v.i.c.e.P.o.i.n.t...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...X.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Sockets.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):506632
                                                                                                                                                                                                                                        Entropy (8bit):6.739877963601641
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:iY72vFk13eFkZMdvJEKzDiL1vu21pcIzL9wKopz+t+dR5jJ3B+P:iY72G13ZMliwiwOoZ+t+dRz34P
                                                                                                                                                                                                                                        MD5:B1C89B1E9A5D537A32BFC42710B590C6
                                                                                                                                                                                                                                        SHA1:0D0AEC1748EC4B8B50C23E82F6453908AE4F4F66
                                                                                                                                                                                                                                        SHA-256:E15AFD60ED6A5801F153648A77F36D15B7F9EDD1934CD342AAA3312D23E57FC1
                                                                                                                                                                                                                                        SHA-512:35E24F64F3D0A8FD171736C2503DC45931A9169C30BDFA450A741B0DD3E8E264B82508937CB52AFF31FFCCFE86DA4BB8FBFE38148748B3ED76F39B611D777F37
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...b2............" .........~............................................................`...@......@............... ...........................................6.......)..........p4..T...............................................................H............text............................... ..`.data....s...0...t..................@....reloc..............................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebClient.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):166696
                                                                                                                                                                                                                                        Entropy (8bit):6.64714001372041
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5xwi2eI9dTW/NFVMqRcz7qu0OxDVY3qwJhlij3PMluseo1rzSH:rwi2eORW/3/RczOu0ghsegzS
                                                                                                                                                                                                                                        MD5:E66E573B815651533098204FE8F6A4B3
                                                                                                                                                                                                                                        SHA1:8A781D7E5C60F432BFB81FE4CBDCF1387E1B5711
                                                                                                                                                                                                                                        SHA-256:2AF045741EF32D6C92E345D75281B39EA818958C01ECB47834E43540901EBC83
                                                                                                                                                                                                                                        SHA-512:32247AAF0B7E71B365DD752A51C296C2EC3CB880A02106E4774616638E5ADEF16EEF163CB797076E9F891F612C4E38FD8039A3194C4533A07374DCF6B1477054
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...p............." ....."...>......................................................P.....`...@......@............... .......................................L..p....b..()......x...H...T...............................................................H............text.... .......".................. ..`.data....6...@...8...$..............@....reloc..x............\..............@..B............................................0.......................t...,.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...h.....0.0.0.0.0.4.b.0...B.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...N.e.t...W.e.b.C.l.i.e.n.t.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...R.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebHeaderCollection.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):60696
                                                                                                                                                                                                                                        Entropy (8bit):6.535904077319764
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:HBfRKv+6SDbVXWTlEG3VulTTTTTTTTTTTTTTTTTTTTTTTTT0NW8zOCb:HrKKpXqln3VRNrJb
                                                                                                                                                                                                                                        MD5:1A2192CD55AC26651019BD5716EDF274
                                                                                                                                                                                                                                        SHA1:9DDFCAAB954D4E86CFC9DA88E666AB57A19A0561
                                                                                                                                                                                                                                        SHA-256:2888BFDD67C2A71968E5945814471BFFC0A3BDE85980DF855CE3D60FE93C76E2
                                                                                                                                                                                                                                        SHA-512:2E4ABC3F4FF57418B2C0DDDEFDFCFBC48AE6B4ED5AD6C28C4917C04DC447A52B3356FE5F478283930FCE7079D08742946844F7537EC5D9E90C7163CA99174922
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......................................................................`...@......@............... ......................................x"...........)..............T...............................................................H............text.............................. ..`.data...9...........................@....reloc..............................@..B............................................0...........................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...V.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...N.e.t...W.e.b.H.e.a.d.e.r.C.o.l.l.e.c.t.i.o.n.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...f.....F.i.l.e.D.e.s.c.r.i.p.t.i.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebProxy.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32056
                                                                                                                                                                                                                                        Entropy (8bit):6.557487177148606
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:y3WpQwWm/k/viYHcZg2VUi6VGt1QWKlL/95/1oqOMlGFESX6HRN7PSpGR9z35v:yNyk/vL72Vd1HgTls3WPSY9zJv
                                                                                                                                                                                                                                        MD5:6EB91FC196B1CC9F19B2CD8FC3E8434A
                                                                                                                                                                                                                                        SHA1:AF03A2772C81E7CA43DE3297979F110BAAA6CFDF
                                                                                                                                                                                                                                        SHA-256:8F91556DE372D206D3622027C4512398B58EC8859C376A7D144926E0E85E51DA
                                                                                                                                                                                                                                        SHA-512:2AA33D88632309BC64932A1E330072CDCD0D8C9952B7B9CB25F367EDF7AA11BD005C2299AF0E1D4E3005D75CDD2620688322F14ADD8B03A1B3A01FC454E8ED71
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .....H................................................................`...@......@............... ..................................t............T..8)...p..........T...........................................................x...H............text..._F.......H.................. ..`.data...i....`.......J..............@....reloc.......p.......R..............@..B............................................0.......................d.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........|.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...X.....0.0.0.0.0.4.b.0...@.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...N.e.t...W.e.b.P.r.o.x.y...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...P.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m...N.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.Client.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):76568
                                                                                                                                                                                                                                        Entropy (8bit):6.4853478188512375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:67OYMIHH9XOUiSd13OETTzlw49YLOXC3zlc5rbIRWpqIWHVz9:8ln5zX33DTTzlp9YLNDlc5rMZIq5
                                                                                                                                                                                                                                        MD5:4F6B324C53BBB877F0F42A6EAB84179B
                                                                                                                                                                                                                                        SHA1:3E57D33C2292533D31CE0D5254C2225ADFB1F1ED
                                                                                                                                                                                                                                        SHA-256:83968FC6BDF453ED228B7DA140C248ADE2F7A6084978DB67205A97636664F11D
                                                                                                                                                                                                                                        SHA-512:284DE4790BADFB59A9CD378A4789219CBC4CBEAB299F8F126B167EDB77F9204CBFEC9EC4309743E414D6931B7FFC73D530C2253C609A68679115EEA3C9894BBC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...!............." .........................................................0.......U....`...@......@............... ......................................8(...........)... ..........T...............................................................H............text...1........................... ..`.data...............................@....reloc....... ......................@..B............................................0...........................l.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...R.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...N.e.t...W.e.b.S.o.c.k.e.t.s...C.l.i.e.n.t.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...b.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182064
                                                                                                                                                                                                                                        Entropy (8bit):6.640593125749875
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:crJ1yGe/CWqtx3IRJK9Gkszawp+z1Mq87repROMKKnXWRDYZbQLmvh6st/9o1BV/:+yGtt+Rh887rijXXWrmvh3tu1O/ZRhmV
                                                                                                                                                                                                                                        MD5:C7159CD5889AACF32C60F1209B45B306
                                                                                                                                                                                                                                        SHA1:B21C82BC847D02C854BBF06B5F7DC6570EE95323
                                                                                                                                                                                                                                        SHA-256:30698ED152943072144CFFA5530C4D1F7A39C2AC0B9D4D982CA39CD9011FDF70
                                                                                                                                                                                                                                        SHA-512:3261D5EBB7D2240E9D901A4FF42E89F05A336BB4DF9AFC5063B79DEDEC705C7357DDADDB41B1C61FE9D91784C03163E10025CB63AF3EE0A38776A50AE9688F7E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....p..........." .....d...8......................................................c/....`...@......@............... .................................. ....O..`.......0)..........H...T........................................................... ...H............text....b.......d.................. ..`.data....3.......4...f..............@....reloc..............................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........(.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18184
                                                                                                                                                                                                                                        Entropy (8bit):6.581798101266097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:pV6EWw138N8G2WowVaWTYA6VFHRN7u+TcTR9z6ZGa:pV6Er138x/FClBwV9z/a
                                                                                                                                                                                                                                        MD5:9E6ACD5E0685D1C4B169FFCC4A990B48
                                                                                                                                                                                                                                        SHA1:67DC8BF8B6A120C3CE8FE8BDFF88BD84CB11FE77
                                                                                                                                                                                                                                        SHA-256:A6BF9DB02AA10F6ED725DD5D7E72AEF926361DF982F135CF8D9EAAE4FAFE47AC
                                                                                                                                                                                                                                        SHA-512:62E8CB2DDB1CE54D327F9324BA49ECAFA650A98F83C494F2083A45850334976E7A3B375CAE46B3DE65A384D22E378A862C66506CE5947A4B3C9F9D91B0009D01
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$............" ..0..............2... ...@....... ...............................A....`.................................92..O....@..8................)...`......l1..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B................m2......H.......P .......................0......................................BSJB............v4.0.30319......l...X...#~..........#Strings....D.......#US.H.......#GUID...X...D...#Blob............T.........3....................................6.................l...|.l.....Y...............M.......m.....m...c.m.....m.....m.....m...'.m.....m.....m...^.............n...5.l.................S.....S.....S...).S...1.S...9.S...A.S...I.S...Q.S...Y.S...a.S...i.S...q.S...y.S.....S. ...S.....S...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.Vectors.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.708846111618444
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:1Brpigxx9pWabBWipWjA6Kr4PFHnhWgN7acWDDcADB6ZX01k9z3AtOnV:157jpWabBWiYA6VFHRN7+DcTR9z6iV
                                                                                                                                                                                                                                        MD5:30549E2D5F2895F31260F03550D1AB89
                                                                                                                                                                                                                                        SHA1:2A9A436A1423569F906CAE05BD068849CFFE2D5F
                                                                                                                                                                                                                                        SHA-256:D21E226271AB8F12D1020BD9C644E5E77E6189C4F11931457A1638FAE8E85F21
                                                                                                                                                                                                                                        SHA-512:1962C98B89742FE19B23E928AC5659FF590CF561EB59B47986868794811B58865A76DB54AA6B9F8C2B24B40122D36158DD064BB4C848C3DC29C56634201AF035
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'..........."!..0.............N*... ........@.. ..............................g.....`..................................)..W....@...................)...`......D)..8............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0*......H........ ..t...................P .......................................T..c@..Go.3..j...Ey..R.C7..Y..Q...~+.\.AN.P...].j.+@.k.m.q[...k..;l...R.....]xh.}E..A.....,}....HnW.o...$g^..M...........%;BSJB............v4.0.30319......`...<...#~..........#Strings............#GUID...........#Blob......................3......................................D.........]...........v...................`...8.....0.......r...\.r.....r.....r.....r.....r.....r...}.r.....r...........6.....

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16144
                                                                                                                                                                                                                                        Entropy (8bit):6.700345163959257
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:cYawsYuvWevNWJpWjA6Kr4PFHnhWgN7agW3IgRxwVIX01k9z3AAljul+Yth:YHvvWevNWJYA6VFHRN76PR9z5lju5th
                                                                                                                                                                                                                                        MD5:251B3ADECBFC6975739805BAE9F63A05
                                                                                                                                                                                                                                        SHA1:5B04529783740F8BF1201ECA0DDE06D12C1C9A29
                                                                                                                                                                                                                                        SHA-256:1D46A019294A694C09B124AAD3FB55240A28035410FFF99AE028B08A8B0D42E0
                                                                                                                                                                                                                                        SHA-512:8FF80308BE71189708F8139565818D4510FB8917E8657842635F02BFAAB9F944D80A1683E86E0885FE876BF1309AB12CF4B1497FB7DEC5E169C142595AC97894
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....@..........." ..0..............*... ...@....... ...................................`..................................*..O....@..X................)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................*......H.......P ......................<)......................................BSJB............v4.0.30319......l...|...#~......@...#Strings....(.......#US.,.......#GUID...<.......#Blob............T.........3..........................................0.........]...............................D...?.e...K.e.....e.....e...".e.....e.....e...}.e.....e...V...........e.............-...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y......... .............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ObjectModel.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):91312
                                                                                                                                                                                                                                        Entropy (8bit):6.552363583416721
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:7YFJyHM3VtaIGdrG6mksFajOoPnCXrrgpenOpEINYcIwUAZ+K+t34h6FqgHzqWUE:7Yms3VsI+Dmkz8gMnOQcdDzsqSqWfz/
                                                                                                                                                                                                                                        MD5:298C81F3EBB890CC364CCFDCF34058C5
                                                                                                                                                                                                                                        SHA1:6934C79624BB3DA9D22954EE339049D43D9BB83A
                                                                                                                                                                                                                                        SHA-256:A3D82D91C5C016586867F63F6CB75DD2062BC65068F3F1BFFE87DB6EF3C5F743
                                                                                                                                                                                                                                        SHA-512:F6DF7D3274A50BAAAD7A3B748615BC111040A080AB966956143A2E1A6CFA69A6CB64D6DB192CB1FCFF147BBF5E2C8BB6AC94B2101E6B8136136D5B1D7002BBBD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....=..........." ..... ...................................................`......E&....`...@......@............... ..................................t....).......<...(...P..........T...........................................................x...H............text............ .................. ..`.data...H....0......."..............@....reloc.......P.......:..............@..B............................................0.......................d.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........|.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...X.....0.0.0.0.0.4.b.0...>.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...O.b.j.e.c.t.M.o.d.e.l.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...N.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m...O.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.CoreLib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10637488
                                                                                                                                                                                                                                        Entropy (8bit):6.834759168341911
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:QKlZeeIfZQsU+fRIwvUVvJS63bX4PrLAU4n/0v4/PyGvjr:3CfSsU+fRI/VvJSyX8OyGv3
                                                                                                                                                                                                                                        MD5:E483FEE9AC7ACE5AD3DBE0922BA0429B
                                                                                                                                                                                                                                        SHA1:EC481C588B3BD84305703C854EAEC4FD5998639E
                                                                                                                                                                                                                                        SHA-256:9133F14A629B51EB91BCB80BE17D6228BDB31CF64F1FF7D62CCB4C70E3D30CA7
                                                                                                                                                                                                                                        SHA-512:318CEC35F2DC2D44AF2CC00AD1300EC71CEB89AC9E199B059E1B3428405583662B2013632A89C961085A5596F1C301AAFF498CA8D8222BCD65E462C21E3284DA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........F...............................................P............`...@......@............... ......................................d........(...(.....|r......T...............................................................H............text.............................. ..`.data.............................@....reloc..|r......t..................@..B............................................0...........................<.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...x.....0.0.0.0.0.4.b.0...F.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...P.r.i.v.a.t.e...C.o.r.e.L.i.b.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...V.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.DataContractSerialization.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2077448
                                                                                                                                                                                                                                        Entropy (8bit):6.722460846508454
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:7r/zyRgRZfG3NMhSsdt1VTxpCBqlY5anISqsVZp3tODPPLD2DL0qF2:3/xZOqF2
                                                                                                                                                                                                                                        MD5:19BF6B8608C66AC95564DF67948A1F01
                                                                                                                                                                                                                                        SHA1:2E51080CCD8D044CB7F88E5186CD6A27234E7349
                                                                                                                                                                                                                                        SHA-256:3160457511B908D08EE652586B6288827D894765319E4D874271C6E35C569CCC
                                                                                                                                                                                                                                        SHA-512:F27689677446EEF7D559F94EF7E48C6C3E0629119516D91E9C2F11F80E7481D5AD749A59F75DDE09C03342B1E5FB2CAC3C933A32A05F678FA7977A0F65AE26BD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....t@..........." .................................................................. ...`...@......@............... ..................................L....`..8........)......,!......p...........................................................P...H............text...Q........................... ..`.data...s|.......~..................@....reloc..,!......."...h..............@..B............................................0.......................<.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^...........?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........T.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...0.....0.0.0.0.0.4.b.0...j.)...C.o.m.m.e.n.t.s...S.y.s.t.e.m...P.r.i.v.a.t.e...D.a.t.a.C.o.n.t.r.a.c.t.S.e.r.i.a.l.i.z.a.t.i.o.n.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...z.)...F.i.l.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Uri.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):252712
                                                                                                                                                                                                                                        Entropy (8bit):6.803118641554585
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:4Y9Nlu+ra9AkzUhysCmV9tC0XAoe0tAqBmlvaP8lgYD3cRW8qZ+aodJsu/Q0DAsg:Di8ZkzvslViFoeEivw8lgw3cKZejsMvg
                                                                                                                                                                                                                                        MD5:EC9FF4357A78C2DCBC6092ADA5A2AE6F
                                                                                                                                                                                                                                        SHA1:5A8EC381B24FB168B9586CEDDE3680506D71AF47
                                                                                                                                                                                                                                        SHA-256:3C038D1F2461A38D1E3E5FA06A524F493554DF07A5B0661968E32B3CCE5212B9
                                                                                                                                                                                                                                        SHA-512:1441EA2BDB046FEC70C628BA3A6920438695190C265F020A54B5614F62452818CF47B6D808DB37D4EDD0532BB349EA09F86AF695D5FAF6F35D4CC09D233F1328
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........&......................................................vx....`...@......@............... ..................................<....V..........().......... ...T...........................................................@...H............text...S........................... ..`.data.... ......."..................@....reloc..............................@..B............................................0.......................,.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^...........?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........D.....S.t.r.i.n.g.F.i.l.e.I.n.f.o... .....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.Linq.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):405264
                                                                                                                                                                                                                                        Entropy (8bit):6.714042900365998
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:KR+I69Gw4hphuS5BpIVGcHH8lKPmS6up6+:2+WNhpBynH8G16j+
                                                                                                                                                                                                                                        MD5:9D4484E7B3FEC9597EF9ED633AA3168F
                                                                                                                                                                                                                                        SHA1:21DD509808A6A0EECF13298E3FA541A391E452C2
                                                                                                                                                                                                                                        SHA-256:29DB6AF0D7E4400CD041FAC47546B20BDA2CE5EB730264C99FBC0986751085D8
                                                                                                                                                                                                                                        SHA-512:4CC385ED15E2038FCDCA55A57E83CEB787B80E1CEF18EDB2BB36E912563BDEBE7DF74B1AAEA6347B0823299FF967F3483D761387B330543AE0C2752A8B6051B1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........j...............................................0............`...@......@............... ......................................,....0.......)... .......+..T...............................................................H............text...*........................... ..`.data...O`.......b..................@....reloc....... ......................@..B............................................0...........................d.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^...........?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...H.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...P.r.i.v.a.t.e...X.m.l...L.i.n.q...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...X.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8505608
                                                                                                                                                                                                                                        Entropy (8bit):6.821437608207014
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:Smwr9q/Lo4Ou8M1xwOSZ+0TaFqZlH1naEeVQjhV:h/XOu8MzwOSZRYQ5deWjX
                                                                                                                                                                                                                                        MD5:3A78E5F2522B643BE517D485D2FA9EC5
                                                                                                                                                                                                                                        SHA1:4542B8B41B97CDF08672114D38DA87FAE88775AC
                                                                                                                                                                                                                                        SHA-256:335867B5D2E3FF3FF3B0CFAC4D8B654300AF9E3BEC3E0A6A38441415335381EB
                                                                                                                                                                                                                                        SHA-512:84F92F4661D66AB1EE5EDA970204A5487E941CA0A83C105B701B818B653950E11E9753DFB3F840C055DED799D23F8928CC9501BB6DBD198B9216B1BA438B0C24
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......|..............................................................`...@......@............... ..................................<...D...8R.......)...`..X_......T...........................................................@...H............text.....|.......|................. ..`.data...8"...0|..$....|.............@....reloc..X_...`...`...@..............@..B............................................0.......................,.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^...........?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........D.....S.t.r.i.n.g.F.i.l.e.I.n.f.o... .....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.DispatchProxy.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):66312
                                                                                                                                                                                                                                        Entropy (8bit):6.579630181472548
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:SsGqs6PbkymbnA0be+s8cu5BiEUxbluKm0i9pzWYf:SsxsUoymbAiy8BiEY9m0QpyYf
                                                                                                                                                                                                                                        MD5:7051A2BBADB9065085E4354A1F300936
                                                                                                                                                                                                                                        SHA1:EE7E3E2029DDD2E5044A9E74FD4659CA2D792AAC
                                                                                                                                                                                                                                        SHA-256:AC28D3517C24ECC00AF041D5B3C3D878AA816082F658AD826D6F6CD0C4D5E170
                                                                                                                                                                                                                                        SHA-512:1EEE4C0C03E5086A425D047E8EBEFC28EF4DF603BBCEE22A03C363383299ED6C001BF5E45FE8146058285E08E22B21926DB7CE78A7D735DF8EDDA89B9F9668EB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...<.7..........." ......................................................................`...@......@............... .......................................%...........)......0.......T...............................................................H............text............................... ..`.data...............................@....reloc..0...........................@..B............................................0...........................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...X. ...C.o.m.m.e.n.t.s...S.y.s.t.e.m...R.e.f.l.e.c.t.i.o.n...D.i.s.p.a.t.c.h.P.r.o.x.y...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...h. ...F.i.l.e.D.e.s.c.r.i.p.t.i.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.ILGeneration.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.731452166320643
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:KdmAPIh5WVsUWjYA6VFHRN7c7VXC4deR9zVjx0B:nAPCTdFClc7VXC4dC9zVj6
                                                                                                                                                                                                                                        MD5:23DCCA25D64F033EC933CBF083D19EA7
                                                                                                                                                                                                                                        SHA1:3FC9E0DD194587839DDD66ED84DC0F6424031794
                                                                                                                                                                                                                                        SHA-256:BD9BE884AF004544C47727D6C84256395F3968A97C9AF47484BAD919F103A9D4
                                                                                                                                                                                                                                        SHA-512:2C19609752E2E40F3FF48CF30E51B4ED58836FA4DADE6A250EA2F34579CBB9BE4F9B07A68C2D3CDB61537FC8C408946D3DB336E9D4BD7E4C404F75C1E5036596
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\............."!..0.............n*... ........@.. ....................................`..................................*..S....@...................)...`......P)..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P*......H........ ......................P ........................................I(..PNp.....e{..$....v+..P;...:.!P#..4.e.y.P.8.d.t^.|.......}.m.....&.|.z.d.....!y.8.`L.M3..8F.C..c..*...|.K].....6.a.."BSJB............v4.0.30319......`.......#~..t...D...#Strings............#GUID...........#Blob......................3................................................"...........;...........f.......7.................b...!.b.....b...[.b.....b.....b.....b...B.b...O.b...v.............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.Lightweight.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16184
                                                                                                                                                                                                                                        Entropy (8bit):6.717541563928021
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ydbjS8WxRVJW0+X6HRN7hUzDtdQ5R9zP2il:w0yWGFds9znl
                                                                                                                                                                                                                                        MD5:D67025C176E928D4A4D300DC552A8D6C
                                                                                                                                                                                                                                        SHA1:A363A379995B46190824D278836CF752CDCD1A10
                                                                                                                                                                                                                                        SHA-256:39217B38B36627DE4C09A116F3A26E3565C3150255ABDF492B7296B2822B6181
                                                                                                                                                                                                                                        SHA-512:396A77F1F5ACE23A81B59A292576FE7A6EA5C2842E768DE91D956595851323A75BBB0AA826395C0331528CE5374238A6D3BEF644264E33B71E33E42ECD821FA3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K\............"!..0..............)... ........@.. ...............................2....`..................................)..K....@..................8)...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ........................................ ..d..]...Y.D.\~...s_..j.Z...J@.Z.....<add....G....Y.b.x...}.\Y.w@..cF.U.S......>32..@S.\.....C.nO..=..n.3...8....6.O...XBSJB............v4.0.30319......`.......#~..H.......#Strings....P.......#GUID...`.......#Blob......................3................................................2...........K.m.........v.......@.................G...1.G.....G...k.G.....G.....G.....G...R.G..._.G.................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16144
                                                                                                                                                                                                                                        Entropy (8bit):6.734500709043853
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Ilxvu8CLLW6MbRWcYA6VFHRN7XYdFDR9z7W3F:+u6tFClXYPl9zy
                                                                                                                                                                                                                                        MD5:4FE8A8072F206B46ADDBAD0C61168D59
                                                                                                                                                                                                                                        SHA1:2270D75DFCC5B1A5F4751A5CD027D10FFB62B5B2
                                                                                                                                                                                                                                        SHA-256:C2949807B3BB6EC74EA786708335CAF5484082CE4901AA0D5D1B59608699A79A
                                                                                                                                                                                                                                        SHA-512:685424B68AC153B3E55333F48ACD2B182DFC477CB6F590DAF410EA59532A61BF429948BA9B4E74EE72B43E4E5F2B33E015A18D023249E416CA02667F9373EC0F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....b............"!..0..............*... ........@.. ..............................o&....`.................................d*..W....@...................)...`.......)..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P ......................................|....chR.(.._.@...|.3.5.8,.b5.......?O..cT.....>...S....z....K.O.N.2.....j..5..y.........[,5...?..(b..A.\...HL,.....J*. iLBSJB............v4.0.30319......`...X...#~......p...#Strings....(.......#GUID...8.......#Blob......................3................................................"...........;.....2.....f.......$.................+...!.+.....+...[.+.....+.....+.....+...B.+...O.+...v.............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Extensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15624
                                                                                                                                                                                                                                        Entropy (8bit):6.8012541413925405
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3t8YJXWKyWWOYA6VFHRN78RxB+R9zP5xE:3tdS2FCl8Rxw9zPE
                                                                                                                                                                                                                                        MD5:359100F45ACC2BA5FC6F2568B06ED5CD
                                                                                                                                                                                                                                        SHA1:466C5050B1844078C01A498C11413CCF626A7FA4
                                                                                                                                                                                                                                        SHA-256:6A993469374344523406736668802D19C0EB9A86A688348866A753B3340EAF33
                                                                                                                                                                                                                                        SHA-512:CC272C6E2DB59C6E890308A6C9D479B4C6F233FE450288AE02B37A4ABC8EE4E13ED8B32579F92EDD6D4A59CF724F8A5AEA67AFFD909ED0E695D1ECF57A9CA280
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....z............"!..0.............n)... ........@.. ...............................y....`..................................)..O....@...................)...`......`(..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P)......H........ ......................P ......................................2.. u.Y.....b.I.oi...Z......^...NC.w.........B......Xuu.|].^.K.l...N7..D.j...N.Z[.R....C..f.17X.fWCW.i....d......*9.Uw.D.BSJB............v4.0.30319......`.......#~..0.......#Strings............#GUID...........#Blob......................3..................................................,.....,...3.....L.....^.....a.................w.................w.................G.....I.,.......................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Metadata.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1130656
                                                                                                                                                                                                                                        Entropy (8bit):6.715905432836471
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:Gzj22UrYDBFZmNt+Ll3tMgRrSkM7yTWHt8kJjaJlB9vNR0wyQPoVODzty2el+dj:CVuv+53rRukMZpO/kwhPDzw2el+dj
                                                                                                                                                                                                                                        MD5:B6D60C794F11C5487975EACB167EC9A8
                                                                                                                                                                                                                                        SHA1:0954C3A5693DA7B3F6D3730BC102451DA9E1B89A
                                                                                                                                                                                                                                        SHA-256:FD385C3D3C1B096801497CE0200CF96CBF6C7AA5BA28CD8E51A596FDFF79EF2A
                                                                                                                                                                                                                                        SHA-512:29E4E3A6D03D604DE8092A9D5E8A803C2DFF3A033F1FC613CC1F5411B6E8340AA38A7A375C4FD360B43A6A94A538FF768504A9A4C89CC39FE0057645FDC93541
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...H.)..........." .....4...................................................@......ht....`...@......@............... ..................................h...............(... ..h...xW..T...........................................................h...H............text...>2.......4.................. ..`.data........P.......6..............@....reloc..h.... ......................@..B............................................0.......................X.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........p.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...L.....0.0.0.0.0.4.b.0.........C.o.m.m.e.n.t.s...T.h.i.s. .p.a.c.k.a.g.e.s. .p.r.o.v.i.d.e.s. .a. .l.o.w.-.l.e.v.e.l. ...N.E.T. .(.E.C.M.A.-.3.3.5.). .m.e.t.a.d.a.t.a. .r.e.a.d.e.r. .a.n.d. .w.r.i.t.e.r... .I.t.'.s. .g.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16144
                                                                                                                                                                                                                                        Entropy (8bit):6.766244200871325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:CCrP0C5xxkWWSq+WB3pWjA6Kr4PFHnhWgN7agWEuWGshHssDX01k9z3AGW87d:r0oWWWSq+WVYA6VFHRN7g+FDR9z7W85
                                                                                                                                                                                                                                        MD5:72C0E8F0C891D0D32883B91C69FAE958
                                                                                                                                                                                                                                        SHA1:DD1231450BB7B72B8E53110C5675BAA86EC6846F
                                                                                                                                                                                                                                        SHA-256:8F9C83135A78C8740068B07FDAFD647BE42484E8BE182A7AAE3D0A345528BA45
                                                                                                                                                                                                                                        SHA-512:589497251EBB975AB5C84DD7B8EC3E40E0DB70CF9F48E88D450D36025B2EEC3D3CEEC28E227A6013ABCB98073A0F886443410A267B871B8FB51FC08F323803D9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0.............^+... ........@.. ...............................p....`..................................+..K....@...................)...`......T*..8............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@+......H........ ......................P ......................................k{.*....U4>\..T.A.....[.c..MA........a..6..P.&T.>.<U..S%...|.t.m:_...nQu.O...Q.a<9^qU....w{n.c...W..O*p......]...}}.ET.G...BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3......................................3.........@...........Y...................`.................g...?.g.....g...y.g.....g.....g.....g...`.g...m.g.................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.TypeExtensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):33592
                                                                                                                                                                                                                                        Entropy (8bit):6.486828889454643
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:kCWmaeWGlEYc9RSfX0lawccfNXuWrdzy+A2mcpPL91ePX6HRN7Ou0R9zUHm:k3GlDcWEAwcc1+Wc+bmUPLfoWOu49zb
                                                                                                                                                                                                                                        MD5:9D26813D0E4E76BF161DF6467D46593D
                                                                                                                                                                                                                                        SHA1:04100251143A0146FC28F54003E05F34B29C07D2
                                                                                                                                                                                                                                        SHA-256:3B581E1C257AF2B87AC6279BEAE8734E4A79CD3F86335168763BCEA8D495330E
                                                                                                                                                                                                                                        SHA-512:6BA1BE1142254F0F2755596ACF28825C0F43596D6D7D0CF942D40067BCE2B24C38BBED6C82E34301EBD6C21D807745723C8932C181139F9FA7A7BE0B3957397C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...-............." .....P................................................................`...@......@............... ......................................D........Z..8)...p..........T...............................................................H............text....N.......P.................. ..`.data........`.......R..............@....reloc.......p.......X..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...Z.!...C.o.m.m.e.n.t.s...S.y.s.t.e.m...R.e.f.l.e.c.t.i.o.n...T.y.p.e.E.x.t.e.n.s.i.o.n.s.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...j.!...F.i.l.e.D.e.s.c.r.i.p.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16656
                                                                                                                                                                                                                                        Entropy (8bit):6.723329527099039
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mEKi0jWhGCWefYA6VFHRN7P178FDR9z7Wxs:7KtCfFCld0l9z6s
                                                                                                                                                                                                                                        MD5:4564A146B250C1C73E59A6FED69FCA60
                                                                                                                                                                                                                                        SHA1:A9645B6D15EF8799AB5C0FA1D09FD5D01DFC3291
                                                                                                                                                                                                                                        SHA-256:F2DF432950E7751EA35A19C078376A7FEA079E739AD89C1A63CC45B41A07D18F
                                                                                                                                                                                                                                        SHA-512:D3A6B078FDEEB3492B20B442504CD743F84D08DD987E916F768B1222DFF81C73B4B7F72C1F8623695164A9715FC3C1E18ADF1EC2C5C877F54ACBF060ED4E2270
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..............-... ........@.. ....................................`.................................8-..S....@..h................)...`.......,..8............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B................p-......H........ ......................P ..........................................MA.}.]....v"E.~..O`.....H....h...?.6..>..Q]]..D^b..$.T.sR.9.,.X#MlK.O..dU..J.ukG.\...GyQ...c...>.=B3 ...4.....X....`BSJB............v4.0.30319......`.......#~..........#Strings............#GUID... .......#Blob......................3................................#.....a.........z.<.....<.........\.......3.....w...U.....M.....7.....y.................................................<...........

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Reader.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15624
                                                                                                                                                                                                                                        Entropy (8bit):6.782820861043016
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:WeP4MKrW4N3WmYA6VFHRN7RKVXC4deR9zVjx93:WM4MetFClRKVXC4dC9zVjn3
                                                                                                                                                                                                                                        MD5:1F4727345E2C6782DFBAADC9E9817693
                                                                                                                                                                                                                                        SHA1:F467E2BC1F7D1DE3FAEDC953DC8EC8707B3E9268
                                                                                                                                                                                                                                        SHA-256:4818E3F1CAD2A5B47078C068AB08DC0DFF4110FDC8B525A99523C3D0789BC75A
                                                                                                                                                                                                                                        SHA-512:B925E8166F9E8AB1FA3719FD95E792AD725C427818144E3012C27BD251B4BD109A7447F862D886017CE323FCB815EA7E02B73A4865FCDEC00D457EA51CC5CD17
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..............)... ........@.. ..............................,R....`..................................(..K....@...................)...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H........ ..@...................P ......................................|.....[s..Bn....g..X.}..z..4{.vf...........l.p......0..!..7.Q....W.u.Cg^.....b.7=.y.7.....n.."4.......NHeS..?s.P.........SBSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3..................................................=.....=...3.*...n.....^.....a.................w.................w.................G.....I.=.................$.....

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.ResourceManager.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16176
                                                                                                                                                                                                                                        Entropy (8bit):6.777064915062182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:LJMER3xxBRvWVxzWteWxNzx95jmHnhWgN7aIW5z45WXYz1X01k9z3AyoFewPe7:OmhLRvWVxzWtlX6HRN7moJR9z/Ke7
                                                                                                                                                                                                                                        MD5:8245CEBD42F6DDE00034133DD1E618B6
                                                                                                                                                                                                                                        SHA1:80A448FFBF1B6DD0FD033AA925D8793B440C486F
                                                                                                                                                                                                                                        SHA-256:ED43F130E2E71AE9C4160D887BDD004105E34B0D353DAFF1F12F7DE7CEFF6737
                                                                                                                                                                                                                                        SHA-512:B8202FDF61803A2C6A071D68F6AD9E0F153E54745044EC298505EED852DF25140992C4FF753C1E8E8FF42AB0FDDFC8D846E1EA1438295C4FD5C83A563663CB5C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0.............^+... ........@.. ..............................b.....`..................................+..O....@..................0)...`......H*..8............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@+......H........ ..x...................P .......................................B0.;...V#...4C.....t...C...5.I8./.....B..}.O...'.=?ky2...)L0..`.A=....U_.w.'Y......h.I..2Y........GK... |?l.=.p...Y..M.BSJB............v4.0.30319......`...h...#~..........#Strings............#GUID...........#Blob......................3......................................M.........f...........].l.................r...A.....9.....#.....!.........................................q...................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Writer.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):45320
                                                                                                                                                                                                                                        Entropy (8bit):6.5512339771396775
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:6l7vatyqsSfySDzEjI7uG8lZ6KFClfFT9zSG:6JQHjnz+YuGUZifTzSG
                                                                                                                                                                                                                                        MD5:C2406CEA76D202D405D811A647685BCE
                                                                                                                                                                                                                                        SHA1:3CDA5B4AFE38FFD978DCDFE9F06E71BB4A27E458
                                                                                                                                                                                                                                        SHA-256:9146D7B97ED2B0D1BFDA6F75E508A1E4D171ACFFA75D9F061294AA0E64D8D93D
                                                                                                                                                                                                                                        SHA-512:BC74AA88385C1E679FE3D93240B271774D1623060D1A42B66D5CA2D0617268FA0B40278A13D45E3978461CB5A5ED2E6B358643CAE8636D2D05FD5F971C39C66F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .....v..........................................................H.....`...@......@............... ..........................................@........)..............T...............................................................H............text....u.......v.................. ..`.data................x..............@....reloc..............................@..B............................................0...........................<.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...x.....0.0.0.0.0.4.b.0...H.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...R.e.s.o.u.r.c.e.s...W.r.i.t.e.r...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...X.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22800
                                                                                                                                                                                                                                        Entropy (8bit):6.425734217683911
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:DWgi2WkbXPPGmmOWWWfnpon0YA6VFHRN77Zm9R9zrJRU2:6sHGmmHPFCl7M9zs2
                                                                                                                                                                                                                                        MD5:5EF80C5A289DB81C062B66908A2C6B9F
                                                                                                                                                                                                                                        SHA1:CF799B59D6CD69890592F42238F14337EFBE3B48
                                                                                                                                                                                                                                        SHA-256:C47A7B97F2026DACFC4B5C866429513E10D2C3C39201420E1C3A5624927E706C
                                                                                                                                                                                                                                        SHA-512:CFA3711F94F5291CE9F30EDB8DBA0BFD7C9D219327180F11D597113B997A0DF5EB76E2E2BF7F82F99B5C96B7D027D5E5C50365646DF01FD5C47B1FDF5B7B35E6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.../..f.........." .....*...................................................`............`...@......@............... ......................................$........0...)...P..........8...............................................................H............text...o).......*.................. ..`.data...=....@.......,..............@....reloc.......P......................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...f.'...C.o.m.m.e.n.t.s...S.y.s.t.e.m...R.u.n.t.i.m.e...C.o.m.p.i.l.e.r.S.e.r.v.i.c.e.s...U.n.s.a.f.e.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...v.'...F.i.l.e.D.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.VisualC.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20232
                                                                                                                                                                                                                                        Entropy (8bit):6.598667978987244
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MWspLW2LIrR/TvnaNEcv2YA6VFHRN7eCVCEpcR9zURG:4RLq/TvnaNwFCleCVCEpw9zx
                                                                                                                                                                                                                                        MD5:1EC59746C207B75224D1C170AB65D5D9
                                                                                                                                                                                                                                        SHA1:106EF6FB34DC9B2555A8723603828ADB736A312D
                                                                                                                                                                                                                                        SHA-256:3526B82CFB921E84C749DC54976503441D09FD36F569A0D574FB6819510AB7CA
                                                                                                                                                                                                                                        SHA-512:1DC5606DC607A349DB6A462D317CFCFAEC5D0444479FBC2B8C7F01D2E0E2443711C2E9DD0FAE7A702FB27ADA10DB52CFCDF2D5D7AA4C704911CC4B11516DF829
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ..... ...................................................P......#G....`...@......@............... ...............................................&...)...@..........T...............................................................H............text...`........ .................. ..`.data...D....0......."..............@....reloc.......@.......$..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...h.(...C.o.m.m.e.n.t.s...S.y.s.t.e.m...R.u.n.t.i.m.e...C.o.m.p.i.l.e.r.S.e.r.v.i.c.e.s...V.i.s.u.a.l.C...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...x.(...F.i.l.e.D.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Extensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18192
                                                                                                                                                                                                                                        Entropy (8bit):6.628514917253588
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:c5y7UByGe9xCEV6mW8/NWMYA6VFHRN7/5FDR9z7WGM:saUByGePrVFClTl9zq
                                                                                                                                                                                                                                        MD5:C692B087C3167E7263397E9B34E94332
                                                                                                                                                                                                                                        SHA1:105D78B07E06E1C28AB69DC7E8CF4A7F6A71AFC3
                                                                                                                                                                                                                                        SHA-256:59692C49D72030F5259052EFAC5BD88BC2D3471450D3F081D64F1E60E2C502E2
                                                                                                                                                                                                                                        SHA-512:8484AF16073C9CDE88E67BECBE2C1C126FC4761323C7A2AD71D869447649A8529D23A3CB779F34E1FE388A0004BD9FEC4B801E1FBB8B527BC39BAC97AE48C2E7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............."!..0..............3... ........@.. ....................................`.................................<3..O....@...................)...`.......2..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p3......H........ ......................P .......................................O...u..?...[\.....2..[ y..m....>...,....m..9..GS6...B0d:..]u^...O..E.......a.7F.......i.4#....iH..+..E.y%.Bc...Hm....n..BSJB............v4.0.30319......`...$...#~......l...#Strings............#GUID...........#Blob......................3................................O...............Z.............m.........,.W.........5.............p.....p.....p.....p.....p...E.p...b.p...z.p.....p.................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Handles.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15632
                                                                                                                                                                                                                                        Entropy (8bit):6.822445014968599
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:NHx15LTIWASmWOpWjA6Kr4PFHnhWgN7agWyA8RwX01k9z3AeJRf/R6Lv:NR15LTIWASmWOYA6VFHRN7a9R9zrJRw
                                                                                                                                                                                                                                        MD5:80FC1F4FCBAEBFB32BC62687AB95A9BD
                                                                                                                                                                                                                                        SHA1:C20C3D1039A0B374393694CF0A7921B3FFB54161
                                                                                                                                                                                                                                        SHA-256:6DE0F580DBCCB63C2B6053AC81CDAFD7FDF5C8A1B177D336DD75D9E1DD176E0D
                                                                                                                                                                                                                                        SHA-512:B4E8AED6A8F81F3E7DD206FCCF06BE65E6186700CCDCBD741B08172AE7D6F74EDF2241E59AFDFDCA212DC5AE01B5399AF79F150D4BFDC0D8784714DC930CA133
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...wi............"!..0..............)... ........@.. ....................................`.................................|)..O....@...................)...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ........................................t.[.%{*.d*&.WQ.O.!......."...F.z.NQiqD.....v...gCI?r.U............h.\</]....a..q}V.....d...t.S.. .I..7.^,s.....9..t..&..q.BSJB............v4.0.30319......`.......#~..L.......#Strings....P.......#GUID...`.......#Blob......................3................................................(.x.....x...f.F.................'.........L...........a.......................H.....z.....|.x.................@.....

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32008
                                                                                                                                                                                                                                        Entropy (8bit):6.450786767544824
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:JYWHcUWW2i5ctERQXIG6KMWFYpmGRIOBB/rSYA6VFHRN792R9zza+X:Jm8SAKMWFkmGakB2FCl9K9zL
                                                                                                                                                                                                                                        MD5:25B91230BE0B6D4FAC1B999ECF8FC76C
                                                                                                                                                                                                                                        SHA1:2D943785738A21D9C2026726C8500A606E022D8E
                                                                                                                                                                                                                                        SHA-256:1A536B20C7FD07A4B156C6C68048AAB24BDDC19786C98704E7EF11FBDDACCA0C
                                                                                                                                                                                                                                        SHA-512:B3AAE1F551B4CE642BF5B347F35186A1F7B8BE08F4F186971FB3D99991C24E5F04BDBFC70EF4A46DB87A420C95ED9E3C1AE0A7B893D5C7B5CF9A5193B1D4D64F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...j..........." .....H...........................................................+....`...@......@............... ......................................H........T...)...p..p.......T...............................................................H............text....F.......H.................. ..`.data........`.......J..............@....reloc..p....p.......R..............@..B............................................0...........................p.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51984
                                                                                                                                                                                                                                        Entropy (8bit):6.480267391585499
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:sBfoK6fKUINsWW/z2rg8Z61rvZqhwFLXFMjKYuPt3FClT9zL:sBfoWUINcz2r1GqhwFLFMjKPPt1i5zL
                                                                                                                                                                                                                                        MD5:88512250F0E7ED903BFA2A457CCFBE9F
                                                                                                                                                                                                                                        SHA1:9020853BFD6C297AFCECDD12AF6014A57111DE7A
                                                                                                                                                                                                                                        SHA-256:BDA3738F6C45B50862D09DDE795B4FD27E31815DDC8918A16F63B2C4BACA5FB2
                                                                                                                                                                                                                                        SHA-512:B4419F8431B756B4262195013068E4E851A17B49972C9E3112BAF2C22EDF795E82C614A4B2BBA0613E60E873FC8093EA302E18F68B8E85FFB3504D04A9DBEAA9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...O............." ......................................................................`...@......@............... ....................................... ..P........)..............T...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B............................................0...........................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...V.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...R.u.n.t.i.m.e...I.n.t.e.r.o.p.S.e.r.v.i.c.e.s.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...f.....F.i.l.e.D.e.s.c.r.i.p.t.i.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Intrinsics.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16656
                                                                                                                                                                                                                                        Entropy (8bit):6.677337531505305
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:tTBV9nrJAlvWmpLWNpWjA6Kr4PFHnhWgN7agWySnE8RwX01k9z3AeJR7oA5k:D1QvWmpLWNYA6VFHRN7+E9R9zrJR7o7
                                                                                                                                                                                                                                        MD5:514CEF61159B16DE1FDAED7056A3E0D9
                                                                                                                                                                                                                                        SHA1:7ED1FB6A569A7C9E8507876A094334CF9F3B0969
                                                                                                                                                                                                                                        SHA-256:A421933A4B9EEA4170EE68EF1754DBA590970599CA2F5B52F92DE7B0DC2769AF
                                                                                                                                                                                                                                        SHA-512:4450BB36331EF7B9F08F7527E3C3509393CBD58CAA27B1BDD877204CF0934C684CB78D81231B94868524AC5F031AC3E8DF234F55567CDF54691510CB2184D6BE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..............-... ........@.. ..............................~z....`.................................d-..W....@...................)...`.......,..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H........ ......................P .......................................l....@..... 22....8..0..4|....."...~e._.=..x.?..1.....d.........*>]wD..3..g.f.."J...-.B.4..."w....S.|...z.a..G..6..7s.$.BSJB............v4.0.30319......`.......#~..<.......#Strings....$.......#GUID...4.......#Blob......................3................................9.............................p.........?.....g...................1.....1...}.1...4.1.....1...X.1...u.1.....1...(.1...O.............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Loader.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.727108508133854
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:UW0SQaRxxocuW5yGWLpWjA6Kr4PFHnhWgN7acW66NqPY00pyEuX01k9z3AL68ZIR:UUQW6JW5yGWLYA6VFHRN7fEpcR9zUU/
                                                                                                                                                                                                                                        MD5:2724E3263871899F2684D8B2432A370C
                                                                                                                                                                                                                                        SHA1:F5A9EDDFFC2BF60D77BB194BBDBB6CDF5D353A52
                                                                                                                                                                                                                                        SHA-256:69F2DA7C2A3EA6F0C742EBBDD422ECE10D050B982424773C9E07368E06401592
                                                                                                                                                                                                                                        SHA-512:329DF6407F7A69F85318D656092A5F78C78ACCA8F998290DBCB159E4D7E9F8616939E91536A94606F71DFDFD75B2E410D07CABB8D4B018F9A3122140DF1263A6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{..........."!..0..............*... ........@.. ....................................`.................................8*..S....@...................)...`.......)..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p*......H........ ......................P .............................................:..1.,c..D....p1..7.......Z.O..$.....*i.mCd7=w........ ....J..g....1:.V.Rv.M....F..}.h5........f)#&.c...,......vBSJB............v4.0.30319......`... ...#~..........#Strings............#GUID...........#Blob......................3..................................................,...4.,...p.....L.......R.........t.....l.....V.....V.................................................,...........

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Numerics.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):221960
                                                                                                                                                                                                                                        Entropy (8bit):6.872789919122551
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:d1Bg53qlzkOGjMD1jUZVEJrSALXuDcWro1CS:jBgxqlz1GgDRKVEJOIuDcWcCS
                                                                                                                                                                                                                                        MD5:C1D83BB993CA11B212B0B44576DD31E3
                                                                                                                                                                                                                                        SHA1:E819306131C8FDEB9CF89DDB0C9DAAA5B517BF22
                                                                                                                                                                                                                                        SHA-256:CD2F87FC4EA7F88B52EB8521EDE7D36B80BB329FAA8DE163BC0C0491832D0F74
                                                                                                                                                                                                                                        SHA-512:29D3EA8C257893095C6B076F1F17D903A74EF7E7AD4AE52C87B7746168BEAB1D828D2EEB037FC1AF76C5CBC2A61629F04873248A96456340EFDAB1EE96341692
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......... ...............................................`......~t....`...@......@............... .......................................T..x....:...)...P......P...T...............................................................H............text...1........................... ..`.data...P....0......................@....reloc.......P.......6..............@..B............................................0...........................<.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...x.....0.0.0.0.0.4.b.0...H.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...R.u.n.t.i.m.e...N.u.m.e.r.i.c.s...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...X.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Formatters.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):322824
                                                                                                                                                                                                                                        Entropy (8bit):6.695090576962379
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:5vZzvy5t66x3yEHAc1mZdOqZYqdKfR8wwWRwG/Y14CFYHQ9B7B:/vSiEHAc1mZ4q0uRawG+dz9B7B
                                                                                                                                                                                                                                        MD5:025DB3101A59BB29AFE8FCDC33D5590A
                                                                                                                                                                                                                                        SHA1:0AB913D0EEDAB18146897D866EBF785C78681439
                                                                                                                                                                                                                                        SHA-256:B7BA1AA2D0276DEDA176C1AD572C3C4FAD224FFCFEFC045896B52AD730673EB7
                                                                                                                                                                                                                                        SHA-512:3E3B9CE99C4BAC8E4B00C38E93DE59EAFBD0651F03A5E25E51916D399318B958FDCAF95AB961688C1318E117727E1D12EA2C43F0EBF79E4E0126CB3B113B924C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....V..........." .....p...R............................................................`...@......@............... .......................................o...........)......(....&..T...............................................................H............text....n.......p.................. ..`.data....I.......J...r..............@....reloc..(...........................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...h.(...C.o.m.m.e.n.t.s...S.y.s.t.e.m...R.u.n.t.i.m.e...S.e.r.i.a.l.i.z.a.t.i.o.n...F.o.r.m.a.t.t.e.r.s...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...x.(...F.i.l.e.D.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.730609288657777
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:kB9qNyVWbuPdB5W2YA6VFHRN7wYVMR9z2vn/:iayWudBzFClwv9zwn/
                                                                                                                                                                                                                                        MD5:686CD3BE26B4649484D56031B21627FC
                                                                                                                                                                                                                                        SHA1:4CE1F71FBCFAEE92A0D38F32BCACE1C4D077A488
                                                                                                                                                                                                                                        SHA-256:069AFF3EC1D53B0A2255DE6243A057E9B00AC6D01479F35382B2B16BB57A23A2
                                                                                                                                                                                                                                        SHA-512:9596C529CD67B37E7CBEEA03496B17DF4CD56D2519AB715D57290EADDA16D8CF72CD9F7A5E18AE10CA5787B856667BB9B05EC636C88DF1B4D8EEE2163FC3017D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O?..........."!..0.............~*... ........@.. ..............................UH....`.................................,*..O....@...................)...`......h)..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`*......H........ ......................P ........................................_...DGw......GA..=..-G]V.....=.na........O.[.0.l'5d..a9.q4.+.*..v.2.cE.T...161..(O.........?.5..K. "....-...4.^y.'m..[.BSJB............v4.0.30319......`.......#~..|...d...#Strings............#GUID...........#Blob......................3............................................................3...........^.....a.......O.....O...w.O.....O.....O...w.O.....O.....O...G.O...I.........................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):28944
                                                                                                                                                                                                                                        Entropy (8bit):6.471330473213999
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MHWFIBJBrW8trwhWKH0sdznMbKF+87makO2akSMHHDHEHsObEruYA6VFHRN7HqR4:MqCJBZtrelWW+8d8KnFClHG9ze
                                                                                                                                                                                                                                        MD5:A1968D6A862286C05F86EAC22F21B8C3
                                                                                                                                                                                                                                        SHA1:D23A410A8A4450EACE5AA230E088ACEB6743B29C
                                                                                                                                                                                                                                        SHA-256:938F43DB59DBED4F306492750DF1CA32B2F5F487AC00F1DCCF27830231F2DCB6
                                                                                                                                                                                                                                        SHA-512:8060EC092E97041AEC48E9F23BD27F8E8555161A74C213E182104E65F2B80E2285EB73F6A69EA4BFD8903936C59F958DE2F48AE297AF66942C6BE861B9C27DF6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....@...................................................p............`...@......@............... ...............................................H...)...`..(.......T...............................................................H............text....>.......@.................. ..`.data........P.......B..............@....reloc..(....`.......F..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...h.(...C.o.m.m.e.n.t.s...S.y.s.t.e.m...R.u.n.t.i.m.e...S.e.r.i.a.l.i.z.a.t.i.o.n...P.r.i.m.i.t.i.v.e.s...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...x.(...F.i.l.e.D.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Xml.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16656
                                                                                                                                                                                                                                        Entropy (8bit):6.762030084243297
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:guYklmI8N5vBRMWsB4BBgWGYA6VFHRN72kFDR9z7WsKkR:OklmI8N55Ri6BBEFCldl9zn
                                                                                                                                                                                                                                        MD5:53330C1C8FD918CA2141C0039D72BC1B
                                                                                                                                                                                                                                        SHA1:51B86E844A3655398ED9DE18D7490429BB0F1E6E
                                                                                                                                                                                                                                        SHA-256:0F8A0BCEFBC1F0E854CFCDBA028C53C8D658B3CAA26706DE6D1BC89A92CB4C22
                                                                                                                                                                                                                                        SHA-512:D4F1CA15CE03EC02BD009B0D5E03612AF2C34C19E8D50F2CFE39C6CFD9C7D687CC95292F5A5548A11C7ECB3339BA816659BE535B6403B2F3BC955E8587DAE199
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0..............-... ........@.. ...............................v....`.................................p-..K....@...................)...`.......,..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H........ ......................P .........................................].h......[..ja-R......Q....GD..>.U ...x..6.;...-.a.9.>_...J../.A...D.}Udr..mV......Q.....E.8.Sv..V7.Ov.5`.Z..XN.Q>EBSJB............v4.0.30319......`...d...#~......d...#Strings....(.......#GUID...8.......#Blob......................3..................................................f.....f...W.;.................Q.........=...........R.......................9.....k.....m.f.......................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17672
                                                                                                                                                                                                                                        Entropy (8bit):6.6341633149040415
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:y6EvDj8NluLWgMM4BHWdYA6VFHRN7J/ecTR9z6Dw/:y6EvDj8NsPP4BGFClVzV9z2W
                                                                                                                                                                                                                                        MD5:C68962D082AF9B2AA66574EB7CC19E32
                                                                                                                                                                                                                                        SHA1:EB28F7AE0ADAB40F950098E6AC4C24EFA7A16031
                                                                                                                                                                                                                                        SHA-256:62C5827EB74A101342D3C02EC909B6F9F2CEF8C871A21AF93129BDAA16003EB7
                                                                                                                                                                                                                                        SHA-512:99BB410F23E4FD2AD46F8ECAE38C881BBAB0A6252DEFB25EB53CFF659323586A28B269B1061B04E23D0433F4E62D8E4A5260C0E80DF5C79A6DC19C137E06B4C7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............0... ...@....... ..............................B.....`..................................0..O....@...................)...`......./..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H.......P ......................./......................................BSJB............v4.0.30319......l...|...#~..........#Strings............#US.........#GUID...........#Blob............T.........3....................................,.....................f.......t...............7.......t...=.t...M.t.....t...B.t.....t.....t.....t.....t...e.w...&.w...r.........................T.....T.....T...).T...1.T...9.T...A.T...I.T...Q.T...Y.T...a.T...i.T...q.T...y.T.....T. ...T.....T...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):42768
                                                                                                                                                                                                                                        Entropy (8bit):5.818262385725449
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:YBV0jdpFKYl5f4bGRi2xVbcVT4p8JOaFCl6l9zPh:kedGYl5f4bGR3G04OWi63zZ
                                                                                                                                                                                                                                        MD5:B515896FEB8F4B378E9F6FEE22F5F1E6
                                                                                                                                                                                                                                        SHA1:348411DE58A4156B649EE9C6277B2735D88345D5
                                                                                                                                                                                                                                        SHA-256:6B9AF60B2B7947B7B960EF3012ADC7A81E5ACF6E990BC3FE6AF51CB13E07F91C
                                                                                                                                                                                                                                        SHA-512:9889D61E5F03A59B54E80D2DB49606D13DD5AFCF45E0EAEA4EFD34BF46C66FE30780A68DBD920C0C1424855AC51F62DD836D010902573113C8E93869DB6A9C09
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...yU............"!..0..t..........^.... ........@.. ...............................l....`.....................................W.......X............~...)..........d...8............................................ ............... ..H............text...dr... ...t.................. ..`.rsrc...X............v..............@..@.reloc...............|..............@..B................@.......H........ ...p..................P ..........................................`.).v..v....2..#TU.eMX=.I..r...k@$.#...```.S.J...D5..........'..@......7...k.%Y........ 3*.j.......eV.{.3>..g....G.~|]iBSJB............v4.0.30319......`...l0..#~...0...=..#Strings.....m......#GUID....m......#Blob......................3................................T...............'.[3..".[3.....2...3....e.....>.. ....<3....<3....j!....j!....j!....j!....j!..q.j!....j!....j!..R.j!..&.[3..........

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.AccessControl.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):215336
                                                                                                                                                                                                                                        Entropy (8bit):6.694443379581404
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:LcFFAFBS7nsE9WXBeAJRAipIx7kgmlZnFW2iBeVICTiupU8TVUnVZ5PDMXZoKcQf:K7sE9kesRA2imlZo2XZcn3m
                                                                                                                                                                                                                                        MD5:9845B4D023FABDEFCFECDA062FC68781
                                                                                                                                                                                                                                        SHA1:DF17714A108EE4E81F8E0B32F3AECEA03ACB9157
                                                                                                                                                                                                                                        SHA-256:57F85C61E832FD5DDB91A3C161939CD8DB72A8A6DE449A83F5C3070E6DACF48D
                                                                                                                                                                                                                                        SHA-512:49F186BD9DA01A378D9DCB1D9EF575A653B0A6779F3196FE318E6C47661857BF2A15231B0FB552014D1F3DB7F04AB990B344DC7F354711ECB1321FE40BE16786
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...|..........." .........$...............................................@............`...@......@............... ......................................@W..p.... ..()...0.......#..T...............................................................H............text............................... ..`.data...n........ ..................@....reloc.......0......................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.........C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Claims.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):94480
                                                                                                                                                                                                                                        Entropy (8bit):6.450155185151261
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:vv1N9Mf5d/pMIJ7nZUyOuX3Gpafbqb9/8kGOQwQ7rzUU3q2bP6vOVFp6i/3zi:vNnMf5dhbJ3OuX3GpEbq5hOVys3m
                                                                                                                                                                                                                                        MD5:4CD484994224EC26CC86A61743DBFE6B
                                                                                                                                                                                                                                        SHA1:1BE9B7AA319B5F20FCA74C98BF57758FF7FCEDB6
                                                                                                                                                                                                                                        SHA-256:BC4EDCFC6BB6D79E110FBA0D203D96B5436D99969AD71C76A423A79410378A0F
                                                                                                                                                                                                                                        SHA-512:8CADDE72709AA52921C6175517B6DCC51D97D4207A1833A6071B876CFDC71BE0EFEF2CA65EB99E5B705A85E4F07CE363A0BBB55BC38C4BD6BE1483A5A871D6C4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...T............." .....4...................................................p............`...@......@............... .......................................-..<....H...)...`..<...h...T...............................................................H............text...T2.......4.................. ..`.data...!....P.......6..............@....reloc..<....`.......F..............@..B............................................0...........................<.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...x.....0.0.0.0.0.4.b.0...F.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...S.e.c.u.r.i.t.y...C.l.a.i.m.s.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...V.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Algorithms.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):808712
                                                                                                                                                                                                                                        Entropy (8bit):6.664977714687645
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:H9Dux8VLSQjVqSlDrd5BpwxL55pskx5d7Cil:Htux8VLSQjVqSlDrd5BOxjmkx5d7CC
                                                                                                                                                                                                                                        MD5:5475964C62302DFD0A25A7243A9515CE
                                                                                                                                                                                                                                        SHA1:2E4FF863094D9E72BB1454066002DCA346A290F1
                                                                                                                                                                                                                                        SHA-256:B9720FCA323DD3B0169ABF221692C7A3F236FAF90C5694E10FA2806B5E41FD03
                                                                                                                                                                                                                                        SHA-512:2FEEC780CA49E2E018C26C9BC43FC0D6CFBEC590318437621C65C7B155EE233FD34B7534E515F0967B4110CC2077CDA0C01E8232C3C5C0B5128FF25709C656E7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...;............." .........................................................@......A.....`...@......@............... .......................................)...Y.......)...0..$....B..T...............................................................H............text...k........................... ..`.data...#~..........................@....reloc..$....0......."..............@..B............................................0.......................|...4.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...p.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Cng.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):486664
                                                                                                                                                                                                                                        Entropy (8bit):6.690959844635634
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:SLV6FPkjfmpzkb1gH0BEuUWZpQmMcxhRl3W1E:RHFcY0BEuUWHQmMcxhC1E
                                                                                                                                                                                                                                        MD5:6285B8AFEAF9C4ECC2519A2ABCDA4A5D
                                                                                                                                                                                                                                        SHA1:AF11E8E1F8E904C93C47A28CDC606E66D2AB9C38
                                                                                                                                                                                                                                        SHA-256:B48DC65ABE78E81118D4C382C80650F5AE0D99AB6FBEBCD4DEAAB00FF7E0DBB8
                                                                                                                                                                                                                                        SHA-512:78DF10774CF735C6518E91D50ED5B2A0906F1174CF5F7A42B3328C5B688980540576F43BA73B133E2D2C1DB57D0A1AF8D1880DE02F234EBDC57B6F2E2D5400C3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...<............" .........Z...............................................p.......J....`...@......@............... ..................................h........2...D...)...`......(0..T...........................................................h...H............text............................... ..`.data....P.......R..................@....reloc.......`.......<..............@..B............................................0.......................X.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........p.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...L.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Csp.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):189616
                                                                                                                                                                                                                                        Entropy (8bit):6.63337493461881
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:G6RmWBsH04GekCQUVP2xrwjy09JN/KBWAUQ335BotiEqKaMJDByGjLz:aWBs3jikjUBotrJMGjv
                                                                                                                                                                                                                                        MD5:6DA6288454299B3A91665D9A3FFD66BD
                                                                                                                                                                                                                                        SHA1:D2E26B1D89E7817899F6AD2898AC704CC6F2CD59
                                                                                                                                                                                                                                        SHA-256:89B1575E5F32F368B53496A3F15529FEDE58C0324E1A12FCD20609D6CA4DAA63
                                                                                                                                                                                                                                        SHA-512:A0301422806C16AA8990AC2936EB62468E089F4786909C41EAFDC4E6B0A40DBB7D3E1D544A954C705E8584E22FF30172A9909A860BACBC41C234BB640892949C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ................................................................\.....`...@......@............... ..................................h...lO..X........(..........."..T...........................................................h...H............text.............................. ..`.data....).......*..................@....reloc..............................@..B............................................0.......................X.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........p.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...L.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Encoding.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):93960
                                                                                                                                                                                                                                        Entropy (8bit):6.412269331705843
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:Rh4T10wJ4hT5wzwW7c1LyoOeSRzxIdvaJyiyTzk0:R8SH5wzXcLyheSRzxavaQjTY0
                                                                                                                                                                                                                                        MD5:C048A59F3891B02B3BC8A194F3D21026
                                                                                                                                                                                                                                        SHA1:30D9CEB4188CF4A4B17138CAEFD3B2451B05D292
                                                                                                                                                                                                                                        SHA-256:59FAD34EEEE26623D44EE9D541D0E53D89A4D8A42BFF59FE466950A771BF4CFB
                                                                                                                                                                                                                                        SHA-512:27674625D2D249BF794DBC7F893FA403245A78B3D3DE7E32C72EC9CC7F496C2AF6752FC87B4599462128BDCBDDDF459C6754E1FDFF6148E0EFB7255FF72DE270
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....&...................................................p.......|....`...@......@............... .......................................*..\....F...)...`..(.......T...............................................................H............text...C%.......&.................. ..`.data........@.......(..............@....reloc..(....`.......D..............@..B............................................0.......................p...(.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...d.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.OpenSsl.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32008
                                                                                                                                                                                                                                        Entropy (8bit):6.247706814220908
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:h9WAmkijRW8bwPV0D/F/pQ+1+HCeqtwlSYmxNOcVIFN2PiYA6VFHRN7xRxB+R9zD:ALeqylSYm71VI6qFClxRxw9zfr
                                                                                                                                                                                                                                        MD5:9648F56C224A96801B518AE5386AA184
                                                                                                                                                                                                                                        SHA1:9896F6B1D9A296BA0FF244A555814D52D914431C
                                                                                                                                                                                                                                        SHA-256:FFF0AAE4CAB8C18D606E6246FE42F290143DB0D3A88A1A1229A77D8BD8441E67
                                                                                                                                                                                                                                        SHA-512:C73F115BB4D0F40FF4723B634F74B909F29142A930B90431FA4395B7A6EE4FF3A5715A9D141D92D56448578D6A325637207644A330DA92D2756D363840D8AE8D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....N..........................................................j.....`...@......@............... ......................................@........T...)...p..........T...............................................................H............text...'L.......N.................. ..`.data........`.......P..............@....reloc.......p.......R..............@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...b.%...C.o.m.m.e.n.t.s...S.y.s.t.e.m...S.e.c.u.r.i.t.y...C.r.y.p.t.o.g.r.a.p.h.y...O.p.e.n.S.s.l.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...r.%...F.i.l.e.D.e.s.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Primitives.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):134832
                                                                                                                                                                                                                                        Entropy (8bit):6.565847770018715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:nmpOj/BZX3krpmsUjMM+JbVUowS0hcbGWbrrrrrrrrrrrrrrrrrrrrrrrrrrrrr0:OOzBZXCPMpcbGnKk
                                                                                                                                                                                                                                        MD5:5CF4F3F906B7DC346D47B0796B2D621D
                                                                                                                                                                                                                                        SHA1:FCF0DE67C5D07ACE0D8951C2537636F99DE8D300
                                                                                                                                                                                                                                        SHA-256:77ED6C9832BBECAE32FE536D891EDA847405FA6AFE8801BE05B37FF6F759D299
                                                                                                                                                                                                                                        SHA-512:B9F501D60EB7CF60480D2BA9F2115FB99A88E9D2014E36FB49CEE0654C4FF79E219A7F3E0E838E6902ECDE1187386C0819A39B88CE171B4207724EC05C39287A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....e............" .........(......................................................N.....`...@......@............... .......................................;...........(......d.......T...............................................................H............text...T........................... ..`.data....".......$..................@....reloc..d...........................@..B............................................0.............................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...h.(...C.o.m.m.e.n.t.s...S.y.s.t.e.m...S.e.c.u.r.i.t.y...C.r.y.p.t.o.g.r.a.p.h.y...P.r.i.m.i.t.i.v.e.s...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...x.(...F.i.l.e.D.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.X509Certificates.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):569112
                                                                                                                                                                                                                                        Entropy (8bit):6.705893750506672
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:vAcy1XypsaHU2lIwi3iX4MbITp9whYDgPbxmBVWDw7nzNZwz:vsXyG6U2l0yYDgPbxmfWDwrT2
                                                                                                                                                                                                                                        MD5:AD8966E489A4FEB1AD013A6B8A193D1D
                                                                                                                                                                                                                                        SHA1:354514606D252A88BC71D04DBBA4353C14B99FB9
                                                                                                                                                                                                                                        SHA-256:78D5ADA7A18329B9902DFBB0AFD4F2D3A56A761D1A25E28BE0959B9C7E856783
                                                                                                                                                                                                                                        SHA-512:E211E153EB349C249750172DBEFA48DEC4CE01D8A935D353C37C61E7E04B373A7C76C7E8D2CCA2FCF8DE77DC0BB6C3ABAF54829FC993DC80263C511EBF4BBF33
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....]............" ................................................................zc....`...@......@............... ......................................X...@8.......)..........p4..T...............................................................H............text............................... ..`.data...............................@....reloc...............z..............@..B............................................0...........................X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.Windows.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):151712
                                                                                                                                                                                                                                        Entropy (8bit):6.659992108362537
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bhGUnc0ENS370LLFNAzreyfs2A1upqcyeeRAr:lvc5Np5N1Os2fmI
                                                                                                                                                                                                                                        MD5:64AEB21B8C192B802F2C7DBF18F9C2E0
                                                                                                                                                                                                                                        SHA1:3740D3BC11D4F46909FE0F552B146B473922D70C
                                                                                                                                                                                                                                        SHA-256:2DA3E9DCA14992E113B470A0D711A51FD265D7775D9AFFA7DBDF6BEC929601C0
                                                                                                                                                                                                                                        SHA-512:BC979D59F8F3D3AE8B0E7E9E4A7F76A6BE08D48A8940B014CDEA532B6EF10DA2DBE9D528A4F2ADEDF98D23C3A5B287F1570B1A0CDCC68FEEC5D7C1C3C0351425
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....J............" .........$...............................................P............`...@......@............... ..................................h....F.......(...(...@..........T...........................................................h...H............text...e........................... ..`.data...U.... ... ..................@....reloc.......@.......$..............@..B............................................0.......................X.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........p.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...L.....0.0.0.0.0.4.b.0.....d...C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15640
                                                                                                                                                                                                                                        Entropy (8bit):6.835682351794018
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:mFQiRxx1WjWVUFfW+WHWxNzx95jmHnhWgN7acWel9HeAwKUWX01k9z3Aia+6w7Eu:mT/EWiFfWTIX6HRN753HO2R9zza+d1
                                                                                                                                                                                                                                        MD5:66B8459A7C59846CD44FF73680C4D57C
                                                                                                                                                                                                                                        SHA1:5521416312890B86C416345F22DA8E1322E2F8E5
                                                                                                                                                                                                                                        SHA-256:10BDF418B380871231F3DB7EC68D756E5935D4EF39F97C017B07E5A4308C7468
                                                                                                                                                                                                                                        SHA-512:6BF64AFD3EA6D2D3EEF3EE8D278FC6504E7DB694AFDD5191883C3690B76C67F4F234F0B6CDF4945A5A705BC1B90A9C29D9CA4F3066AF18BEC2179230CC85AFF6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i............."!..0..............)... ........@.. ....................................`..................................)..S....@...................)...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ........................................H.....+C........Pe..w.G.....Rq...H...O..d.(.^...d...=m}..o.....d.32...r5\.%4u...l[....`P....5.pq:._..c5k.j...MDRBSJB............v4.0.30319......`.......#~..X.......#Strings....X.......#GUID...h.......#Blob......................3......................................F........."...........;...........f.......d.................k...!.k.....k...[.k.....k.....k.....k...B.k...O.k...v.............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.SecureString.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15632
                                                                                                                                                                                                                                        Entropy (8bit):6.8222624190824
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:sXt7kBrr7Hxo5qW193WZpWjA6Kr4PFHnhWgN7agWF1tfKUSIX01k9z3ARq/c9:yterFiqW193WZYA6VFHRN72D2IR9zoH
                                                                                                                                                                                                                                        MD5:D250B5CDEAD6EB54586E910070B68674
                                                                                                                                                                                                                                        SHA1:68B939B43A46DB57F4B500CB51A9A976EFC0862B
                                                                                                                                                                                                                                        SHA-256:E0BC424EFD7068DFC45FEA7CB30AE38D0B1A654CC74EF6C1D501D2CE688F6E07
                                                                                                                                                                                                                                        SHA-512:DF8AFF3A868831E4F4F39385300D4B702C0321CF15E8D0B38A5059D44C454B21C8C82BA4D26CA6A2966DE9DB8E963788921B34896CAA357FEB3F39E50541131A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....%..........."!..0..............)... ........@.. ..............................r.....`..................................)..K....@...................)...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ......................................e.v...v..aNd.7...?.<j..l...2CeD?.i...s-.0y.Y.C........5T.h............}!...J%q4m.$........Q4.....A......2...'.d....dBSJB............v4.0.30319......`.......#~..P.......#Strings....4.......#GUID...D.......#Blob......................3......................................2.....................3.r.........^.......S.................Z.....Z.....Z...S.Z.....Z...w.Z.....Z...:.Z...G.Z...n.............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18696
                                                                                                                                                                                                                                        Entropy (8bit):6.605933383250857
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:p+rueDGLr3WsBDWuxYA6VFHRN72FNbZR9zahhe:teDGPpvFCl2FFT9zse
                                                                                                                                                                                                                                        MD5:05968C5075CF8057D3330A93AA54CF64
                                                                                                                                                                                                                                        SHA1:D7AD923779991EFFA838F107F949358B36AE1B99
                                                                                                                                                                                                                                        SHA-256:E9FE6E6B9C8F6FED5C3E44D094742F762E67528FF943FEFB52D03B0422D4F8A0
                                                                                                                                                                                                                                        SHA-512:2EB2925D269A1C09A1BF5012563A3509322C16CC68B04B3210EB47FA7A92DDC78D23C3CBAD99D4E2A3F326CD6CE4F3723980D834FE917173B0BFEA3AA45786AE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............^5... ...@....... ..............................+W....`..................................5..O....@..X............ ...)...`......44..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................?5......H.......P ..d....................3......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......H...#Blob............T.........3....................................O.................p...~.p.....;...............O.=.....}.....}...e.}.....}.....}...'.}...D.}.....}.....}...n.................7.p.................'.....'.....'...).'...1.'...9.'...A.'...I.'...Q.'...Y.'...a.'...i.'...q.'...y.'.....'. ...'.....'...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceModel.Web.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17680
                                                                                                                                                                                                                                        Entropy (8bit):6.6083676504439905
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:AiSEs6760DX88Hg10WGlD5WdpWjA6Kr4PFHnhWgN7agW43fKUSIX01k9z3ARq+da:Axj10WyD5WdYA6VFHRN7xP2IR9zojda
                                                                                                                                                                                                                                        MD5:8D40E6093D4EB840E2480D6E383EB442
                                                                                                                                                                                                                                        SHA1:2EA0372488E3EFCFAB7074751DF8B60309DDBB0C
                                                                                                                                                                                                                                        SHA-256:9DDCC239CE0E75AA7845E6DE8B31ADAA25C6B5EEE78D75EE904CDBBED7C7BBA0
                                                                                                                                                                                                                                        SHA-512:9FCC45BDDCF4B187B15C8EDA5E6CA40D7825B7A6D1142772EEA9B70A1F9967D7A9C709E513B0EB91A2200F301A72F356142408861DC4FEA27AA0CF825C64A838
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............0... ...@....... ...............................J....`................................../..O....@...................)...`..........T............................................ ............... ..H............text... .... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H.......P ......................`.......................................BSJB............v4.0.30319......l.......#~......,...#Strings............#US.........#GUID.......P...#Blob............T.........3....................................&.................................%.....?.....^.......S.....S...t.S...+.S.....S...X.S...u.S.....S...(.S...D.H.....H.........F.......{...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y......... .............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceProcess.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16648
                                                                                                                                                                                                                                        Entropy (8bit):6.715278782126483
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:alWpWnizlpFWqYA6VFHRN7qcTR9z6IkON:a4lFCl3V9zGON
                                                                                                                                                                                                                                        MD5:AA81502801E5AF25A5F74303D00A755A
                                                                                                                                                                                                                                        SHA1:590784EF4329D7F411979FFB77EA673C03B0539B
                                                                                                                                                                                                                                        SHA-256:F72F7BC1E1F16D3CF4F6C3162862F7F97B9108186BBD929B55DD94E6E98584D4
                                                                                                                                                                                                                                        SHA-512:509F31F1487081DD1D2B303B9C2F60E1620AF7D1D999A036B4B91FEAB085CD86101453E552993D1B913C5239AD575CC224708B3B6E23054E2E139B86CB66125B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s.6..........." ..0..............,... ...@....... ..............................SS....`..................................,..O....@...................)...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ......................H+......................................BSJB............v4.0.30319......l.......#~..<...X...#Strings............#US.........#GUID.......P...#Blob............T.........3..........................................o...........w...7.w...v.d...........U.........~.....B.................a...................................".....\.H.....w.................^.....^.....^...).^...1.^...9.^...A.^...I.^...Q.^...Y.^...a.^...i.^...q.^...y.^.....^. ...^.....^...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.CodePages.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):871176
                                                                                                                                                                                                                                        Entropy (8bit):7.50414684491355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:L47xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPfREDfP7/1qiVhIWCC:LK9km6k/IwRYbiBeKGCUREDrZV2hC
                                                                                                                                                                                                                                        MD5:9D199E9F27CB473674BAB5BFC70F6871
                                                                                                                                                                                                                                        SHA1:F7069C033BB340E81C1BE7BD4BC062EE21347B09
                                                                                                                                                                                                                                        SHA-256:5FA8A35279B15DE005337AC2B59CDE11A147C21143B12564A453F1CD44566170
                                                                                                                                                                                                                                        SHA-512:D46DA52295442A82DFDD6BD3CBB2949A79CD8B51B31EB1E176476E455D216D1C7ED55ED6F4B44289A3081C8A9C06020DE29C8F0D0D22CA40AAC117D043F740CF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....g_..........." .........&...............................................P............`...@......@............... ......................................LJ..L...."...)...@......."..T...............................................................H............text............................... ..`.data.... ......."..................@....reloc.......@......................@..B............................................0...........................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.........C.o.m.m.e.n.t.s...I.n.t.e.r.n.a.l. .i.m.p.l.e.m.e.n.t.a.t.i.o.n. .p.a.c.k.a.g.e. .n.o.t. .m.e.a.n.t. .f.o.r. .d.i.r.e.c.t. .c.o.n.s.u.m.p.t.i.o.n... .P.l.e.a.s.e. .d.o. .n.o.t. .r.e.f.e.r.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.Extensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16144
                                                                                                                                                                                                                                        Entropy (8bit):6.7268764981814115
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:mNZvlXIW6zJWUYA6VFHRN7cUvY2IR9zoOaC:4s1FClZvbU9z3X
                                                                                                                                                                                                                                        MD5:DB5F67EC7D4CEFE625549E650C2B783D
                                                                                                                                                                                                                                        SHA1:0EE4FB5F26575B570122AE3C9A184DDD0B3EBA49
                                                                                                                                                                                                                                        SHA-256:3CC4AFFE60DC1DE5F66706B39A24D7E96D708A463A9A92A05288D6BA246E09E5
                                                                                                                                                                                                                                        SHA-512:4D86E8E161CEFB0596F1D98D52D18107CE51D6155D42C1BDDC200710BCA88317B01B2E0E84C39E85E7E70E9023B2AFB2E79737F3ED32973EB0D3106806F4247A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n............."!..0.............n*... ........@.. ..............................\.....`..................................*..O....@...................)...`......\)..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P*......H........ ......................P ......................................Q.(..e.NMO`._jh[......Js....o H.......0-.....w S...a...6.T..q../..0........,)..@LqS<.......a....hG.X-.o..3./.!...~#.{>.p0.B[...BSJB............v4.0.30319......`... ...#~......H...#Strings............#GUID...........#Blob......................3......................................v.........I...........b.............H.........$.....b...........H...................................i.....v...................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16160
                                                                                                                                                                                                                                        Entropy (8bit):6.78497387239177
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:d+gBIojxxXjWfPNWRxWxNzx95jmHnhWgN7agWQY/TAgfcMbnoQNpX01k9z3Abte9:dJNjWfPNWRaX6HRN7sT/7R9zCS
                                                                                                                                                                                                                                        MD5:3E33747D79B6584609C60EF5A8318F5A
                                                                                                                                                                                                                                        SHA1:BCA2F7FBF2E45DC02C40C263FEE708624C9102AC
                                                                                                                                                                                                                                        SHA-256:068F309AC98BD15B1EFF243759661CC21F30E1B4CC02CCF8317233FA31D3B7CA
                                                                                                                                                                                                                                        SHA-512:4624C53E6E7F02E4A064FD0239C0B4B8B18A325470E9DFE051600E2CE7B1B53F7C18D5D51BAE978FA2216E0ADD928346EDA41D4F210A3556C7A7761B5D257E83
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q.{..........."!..0..............+... ........@.. ....................................`.................................P+..K....@.................. )...`.......*..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ........................................M...V_.".....Y.).......lLj3..l.oh.,...R.M7....Mx.*q.cV]...L.n=..^..1.x...#c...Q...~..m8.y...ACz3.X.k...[.8A.g.n.b}.....BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...,.......#Blob......................3................................................"...........;...........f.............................!...........[.......................B.....O.....v.............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encodings.Web.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):131376
                                                                                                                                                                                                                                        Entropy (8bit):6.512717394823719
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:ze6mI/UjfYxSwKqqOAl/Rn0nzg9RaBiTV:q77jfY8BSza2iV
                                                                                                                                                                                                                                        MD5:F596694C6924FFA61DD21A0F36FDD0BD
                                                                                                                                                                                                                                        SHA1:21C64C8FBDC2AB6065E70E6A500537137FEF60FD
                                                                                                                                                                                                                                        SHA-256:146CC7B373565F4B88558690F9B2132CC308719C72AC2603F7199E0EC6A21FE7
                                                                                                                                                                                                                                        SHA-512:36644B0A2842C8BD5A7EA6F6F435916FD9ADE2F3039AA7C7652E6EA85E41019B0D9470DFA7B1D99A766FE9332521D87605E644FAF9749060C2016277BE89DB66
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...}.&..........." ......................................................................`...@......@............... .......................................0..........0)......,...h...T...............................................................H............text............................... ..`.data...K...........................@....reloc..,...........................@..B............................................0...........................\.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...Z.!...C.o.m.m.e.n.t.s...P.r.o.v.i.d.e.s. .t.y.p.e.s. .f.o.r. .e.n.c.o.d.i.n.g. .a.n.d. .e.s.c.a.p.i.n.g. .s.t.r.i.n.g.s. .f.o.r. .u.s.e. .i.n. .J.a.v.a.S.c.r.i.p.t.,. .H.y.p.e.r.T.e.x.t. .M.a.r.k.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1486120
                                                                                                                                                                                                                                        Entropy (8bit):6.807053388231781
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:BMUw61/OBH5KoaypUegQ/INE5bk9u7hInuKqO:C6mwZAUegqINGg3uY
                                                                                                                                                                                                                                        MD5:4281F86C7DA4EC32A1579D04D1A34467
                                                                                                                                                                                                                                        SHA1:B6D46920575587878DB36A68FEDFA6FEF09A2A27
                                                                                                                                                                                                                                        SHA-256:0EFF9FFCA65F556D8BE24E4EDDA1D08640A6D040082B8D34B993EC292BAC10FF
                                                                                                                                                                                                                                        SHA-512:697E0BA5BF9B97C300E5B66E61608285C1CE0E4B48B52C5BAF5CA33FB0D405F72E2AA5A50C7E6E6B8C5A7D922232189E1EC26F2B967977B74579572D3B772133
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....8...J............................................................`...@......@............... .........................................L.......()..........HP..T...............................................................H............text...x6.......8.................. ..`.data...O....P...0...:..............@....reloc...............j..............@..B............................................0...........................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0.....I...C.o.m.m.e.n.t.s...P.r.o.v.i.d.e.s. .h.i.g.h.-.p.e.r.f.o.r.m.a.n.c.e. .a.n.d. .l.o.w.-.a.l.l.o.c.a.t.i.n.g. .t.y.p.e.s. .t.h.a.t. .s.e.r.i.a.l.i.z.e. .o.b.j.e.c.t.s. .t.o. .J.a.v.a.S.c.r.i.p.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.RegularExpressions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):530184
                                                                                                                                                                                                                                        Entropy (8bit):6.7797079476090305
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:fDaJSWfE1hvpmzn7z/HpVxn87bC/m+VvHKHhiKpwR4wcMPVZ22xS+yLARBf:DW2Yzn7z/HpVxn87e/m6CHhUPVZ2iOL4
                                                                                                                                                                                                                                        MD5:0F128F48BAB6D1D52889BE2FF1EEFED0
                                                                                                                                                                                                                                        SHA1:06A028FABC2691AF5F2E5A661FB78075A0C1C2D8
                                                                                                                                                                                                                                        SHA-256:CBA15580E79FEC0A44337BAD40F35285ABA0C7A02E43EB84EEC3415738105CDF
                                                                                                                                                                                                                                        SHA-512:123C019921C949112A2A944D2A441FF53E7B09E6E14E239656F25B22EDE5520E5DAB877041F8A144F608D4AA3D2E0BA0C4EDE65ED928D5FF7BA63F585534CE55
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....|...p......................................................=&....`...@......@............... ......................................|...|).......)..........0)..T...............................................................H............text....z.......|.................. ..`.data....f.......h...~..............@....reloc..............................@..B............................................0...........................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...V.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...T.e.x.t...R.e.g.u.l.a.r.E.x.p.r.e.s.s.i.o.n.s.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...f.....F.i.l.e.D.e.s.c.r.i.p.t.i.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Channels.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):125208
                                                                                                                                                                                                                                        Entropy (8bit):6.692637451202541
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:jzHXIurk9aiG9fxBFXRPxlhzKhtTwg8AHWDV5yWR63:n3E695BFXRplhOzwDDjRM
                                                                                                                                                                                                                                        MD5:CB464FDA974470435C4CA140B4FADA57
                                                                                                                                                                                                                                        SHA1:D19EAB3F2D239CB5DF052757838D33332317C136
                                                                                                                                                                                                                                        SHA-256:EC11B988107C97601DE33DEF84F7259A36BC3007FFD9CDB584891114F9B41E46
                                                                                                                                                                                                                                        SHA-512:AEBC1EAA4B2687D24C8A5B408AB16D153B576B9832F41A553F28D576D545451D2259EDBD63960D9D7AD3723D3BA5CE36346089A77E515AB807FA9CD521ED7711
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........*......................................................).....`...@......@............... ......................................T7...........)..............T...............................................................H............text............................... ..`.data....%.......&..................@....reloc..............................@..B............................................0...........................8.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...t.....0.0.0.0.0.4.b.0...8.....C.o.m.m.e.n.t.s...P.r.o.v.i.d.e.s. .t.y.p.e.s. .f.o.r. .p.a.s.s.i.n.g. .d.a.t.a. .b.e.t.w.e.e.n. .p.r.o.d.u.c.e.r.s. .a.n.d. .c.o.n.s.u.m.e.r.s...........C.o.m.m.o.n.l.y. .U.s.e.d. .T.y.p.e.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Overlapped.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.733717704448286
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:fDt+HYCHcXuHV2HDHtWcNHWZYA6VFHRN7V04MR9z2WA:TzeFClVU9zxA
                                                                                                                                                                                                                                        MD5:05AF5514B2968C6042C5B14CB5401F23
                                                                                                                                                                                                                                        SHA1:3B5825931632C7CA230CA1FABD9EBAD1C8304EB3
                                                                                                                                                                                                                                        SHA-256:5C1B1C2129E8A201CB583F6595BFD9339D2A6D52F4F371C8013C85147EC94E32
                                                                                                                                                                                                                                        SHA-512:58F41A7BE222226A3BEF4271DF0555C6B6C3668C007153C98ECC422D0113F50FDABA0036A2F285D625B5D93E7DCB3F17BC9AA2C8E1193C353D6453504FFA1AD9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c............."!..0.............n*... ........@.. ..............................."....`..................................*..W....@...................)...`......\)..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P*......H........ ......................P .......................................3.2.]].4..k...)~ys.t...2.>=..+W.3.l. ..Q..9...."......>drf.mAz..*.=.g..\|EDps.......m..m.c.v%...yJ'-..E...6...*s]:...j.....BSJB............v4.0.30319......`.......#~..x...H...#Strings............#GUID...........#Blob......................3......................................................4...........7.......c.........t.....}.......c...V.....{.................9.....................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Dataflow.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):505608
                                                                                                                                                                                                                                        Entropy (8bit):6.7763170175701335
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Q5EzXX03uPIhSTcNO/LSsjM5REz4sr4CGFHD6ioscEu/L2SJkSGskfT5v3P1m9rM:Q5Ib0CGFHuioHEdS2vBb5v30COTxwZ
                                                                                                                                                                                                                                        MD5:E332D97CC4AE5DFC6606640A64E7A766
                                                                                                                                                                                                                                        SHA1:ED7C0E78AEC95A6AE10F9DFA7B62728C06E4744A
                                                                                                                                                                                                                                        SHA-256:3411CCC0B6BA1FF70D550A8B7D2D3A373A79584B36C90C06D7BF400AA74EB39A
                                                                                                                                                                                                                                        SHA-512:900ACB2D761A285D7F0E97C9F548D166535329F722D99B285715F284C0C1392AFBEFF44A9E67DA2DF2866177A6778CA9D4F038C3EFF5560B872DB4398D56F5D8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............." .................................................................6....`...@......@............... ..................................l.......HB.......)..........x"..T...........................................................p...H............text............................... ..`.data...J...........................@....reloc..............................@..B............................................0.......................\.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........t.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...P.....0.0.0.0.0.4.b.0.........C.o.m.m.e.n.t.s...T.P.L. .D.a.t.a.f.l.o.w. .p.r.o.m.o.t.e.s. .a.c.t.o.r./.a.g.e.n.t.-.o.r.i.e.n.t.e.d. .d.e.s.i.g.n.s. .t.h.r.o.u.g.h. .p.r.i.m.i.t.i.v.e.s. .f.o.r. .i.n.-.p.r.o.c.e.s.s. .m.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Extensions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.821262984361922
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Z7z05p091rcmOD5RnGWSNXW0YA6VFHRN7xWMR9z2cO:Z7gAuEPFClz9zq
                                                                                                                                                                                                                                        MD5:7175CFF820ACB9389C713410DD582063
                                                                                                                                                                                                                                        SHA1:F1C47E2B46084FEFFB44BB88D51A3932FB1F3042
                                                                                                                                                                                                                                        SHA-256:D060226E814A1DDF9F607AFAE51F7D5698F8E435A63FCE107E78239E349BA2AC
                                                                                                                                                                                                                                        SHA-512:BCDEBAE2F49084BC3F5AB9097715235E6C0A2257A783B14EAE49F2BA16DD59DA87CDE24DF5CEE6732194F8146B34B0ED4428BC2847E5ACCDA95FF637EC32A5CD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?x............"!..0..............+... ........@.. ..............................l.....`..................................+..K....@...................)...`.......*..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ...............................................W'Z.H......l..j.d....&v..j..\.Q_u...]><{Hr..1.+K....L..=........N.....3.M..."*B.8Q.e.....3.~:..L...Qs]..3........jg|BSJB............v4.0.30319......`.......#~......8...#Strings....(.......#GUID...8.......#Blob......................3..................................................z...v.z.....H...............G.......[.....[...............]..........._...........9................./.z.....p.....

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Parallel.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):139024
                                                                                                                                                                                                                                        Entropy (8bit):6.702745878398023
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:brCD+EGnNfGAKUDXxT3LBzdQZ4/FJg9C5OR291oVcJUQz:Hw9GNGAKUbxxzKZ8zaCUQ
                                                                                                                                                                                                                                        MD5:906D0531114C584A2E5EA50BDA99DDC2
                                                                                                                                                                                                                                        SHA1:FF650B1743C72683BC0019DB15332D01DE6ED993
                                                                                                                                                                                                                                        SHA-256:BF2C3F9EBC2A48493796F4002984F43E4630A2DB3FD26F70BD79355F3FF1D563
                                                                                                                                                                                                                                        SHA-512:9F50718BA3C3EC370D3AFAB850B962539CD3C84FC222485DE68289129C0443DD880B86CFED46F68CB9860CB8984E9C09386D3B756B908E160FE55CBEEC2D47AD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....\..........." .........*............................................... ...........`...@......@............... .......................................;..(........)..............T...............................................................H............text...b........................... ..`.data....%.......&..................@....reloc..............................@..B............................................0...........................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...X. ...C.o.m.m.e.n.t.s...S.y.s.t.e.m...T.h.r.e.a.d.i.n.g...T.a.s.k.s...P.a.r.a.l.l.e.l...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...h. ...F.i.l.e.D.e.s.c.r.i.p.t.i.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17192
                                                                                                                                                                                                                                        Entropy (8bit):6.7117476098810185
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:5vCj4AG3tNKiuqFzTR9WHRzWGwYA6VFHRN729WR9zjD:9Cj4LNRuN7wFClF9z/
                                                                                                                                                                                                                                        MD5:0822C689624C42040E5E6F38752AF2C8
                                                                                                                                                                                                                                        SHA1:21002E79AE998FC7B5453C77F09CB036710DBEAD
                                                                                                                                                                                                                                        SHA-256:E9B81690E9D7B3D67C32EB5948D63CC3E1136FF8FA19A19F2A0F5572FF6F8788
                                                                                                                                                                                                                                        SHA-512:1D5D2606C5FEB76EC2187098090DD928C4491EA69A5A46BD5ADAFD2EB8052CAE050F473AA8C078061965960CCBD126543B684EA18EA3D9DD50B8C1C8D0D057D4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....L..........."!..0............../... ........@.. ..............................}.....`.................................h/..S....@..................()...`..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H........ ......................P ......................................c.-..6.....f.7.......Y..C..{,.K..V[v|..P....t"......[c@.......l.,.tB.^K.i...$D...M.f.+..Vn.J......l.#......_.b.....S.iP..BSJB............v4.0.30319......`...P...#~......|...#Strings....,.......#GUID...<.......#Blob......................3................................/.....Y.........\.7.....7...u.....W.......&.....t...7.....@...........[...................................|.............7...........

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Thread.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16144
                                                                                                                                                                                                                                        Entropy (8bit):6.760009477775305
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:x6z2EZZV7DiWcZ7WjYA6VFHRN7/QD9R9zrJR+:axa0FClYb9zG
                                                                                                                                                                                                                                        MD5:3661BDD366B6EE1834577CB553D41C88
                                                                                                                                                                                                                                        SHA1:35DB9E13602F99C97F505E12624EFF3E873FD553
                                                                                                                                                                                                                                        SHA-256:E5575C2CFB312E9239978A2D439802F4D8D55C776D10B763ECBE20D2057982E9
                                                                                                                                                                                                                                        SHA-512:43C774556594FBFCC437B1A02FB1C938624E6D379985731A41F78E3782ADA4D8C143D32886794A7ED865FC917378C427DF90144D364F9ECBB8ADDF18CD129FC6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D{B..........."!..0.............>+... ........@.. ....................................`..................................*..W....@...................)...`......4*..8............................................ ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................ +......H........ ..d...................P ......................................Lz.F.E.8B.1.@'.....mL.6%"U?B._....s.2.../}}....A.../yt >'\7...8r...v7..]..q.3.P..O.(.....r..E..Z...!@.z.v.......:....j..BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3......................................].........U.@.....@...n.....`.............y...0.!...9.!.........T...................................u.............@...........

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.ThreadPool.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16160
                                                                                                                                                                                                                                        Entropy (8bit):6.712802666065952
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ZJ92mRTaW/pBqWEFvWecX6HRN7NtFDR9z7WJFcHv:Zv8v0WNfl9zaFcP
                                                                                                                                                                                                                                        MD5:EC4FF753DA77ED8B2886F1E405A35DBB
                                                                                                                                                                                                                                        SHA1:5EFD154E9DB2D9F5428ED5C7E2CD2E7A6C284641
                                                                                                                                                                                                                                        SHA-256:AA213B5B4B02F04217B98064E0E6C8E67D4CF7297035578A8DEFF06044BC9427
                                                                                                                                                                                                                                        SHA-512:217DCD7F7BAD548BCDBFFAA24B41A56C9CE42BDBF6A08EB1726B58D3CAA0495D8492B3843EA19143D09B7B25B33AA245F45DBF88CC59CA476FBAF9736D977B40
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0..............*... ........@.. ....................................`..................................)..O....@.................. )...`.......)..8............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ..D...................P ......................................~+xk.f..{...,....H...P$../$..U.x"..ve........{`.....[....=QS0...K.A........AX..,.2...L.......GM.....gdt...e..#.`..f...BSJB............v4.0.30319......`.......#~..d... ...#Strings............#GUID...........#Blob......................3......................................P.........7...........P...........{.............................6...........p.......................W.....d...................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Timer.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15648
                                                                                                                                                                                                                                        Entropy (8bit):6.818215198409436
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bRif6GCuqMffMIMWsmCWbkX6HRN7g55f9R9zrJRu/NjB:bR9ufnsWk5X9z2/Nt
                                                                                                                                                                                                                                        MD5:DA63DF1047EC11E67E31B84DA75139F8
                                                                                                                                                                                                                                        SHA1:9806EB4FAE997FD0DBDC8DEEB08A1224B6824DEF
                                                                                                                                                                                                                                        SHA-256:FA32A8375FA17F7B2F2ED34B1ED45330A2506DAF0FAE769B9CBC956E36F38DE6
                                                                                                                                                                                                                                        SHA-512:A605F33DE535ADD828B51D636A1D93D642D5D6C998A9A41C527EB62C57C04C346938D86AFFA14A4ADF7B891B7CD3E8E859E7027BC056C8F40E10D3CAB5B348BF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y............"!..0..............)... ........@.. ....................................`.................................T)..W....@.................. )...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ...............................................F...d._6....?.woY"...(......r.y...."H!T.....k).%...z...L.a+J.kM...S...;...ew..89.....3Ar.K...^.j..j..'!/....b._BSJB............v4.0.30319......`.......#~..<.......#Strings............#GUID...(.......#Blob......................3......................................(........."...........;.y.........f.......C.................J...!.J.....J...[.J.....J.....J.....J...B.J...O.J...v.............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):80144
                                                                                                                                                                                                                                        Entropy (8bit):6.549870749231894
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:5Tc5R35Dx0ibqDo9suGxd1JARH7AWl7iLzn:5A5R3YHDo9gxd12KWl7M7
                                                                                                                                                                                                                                        MD5:217C90BF12B38AEDA557263C7AF4A306
                                                                                                                                                                                                                                        SHA1:56390B1AC126C7BD229EC1B221E7E78BCD35B92F
                                                                                                                                                                                                                                        SHA-256:31F5BB9877E0777AC208A34CB63CF97E4146BF9DDBBB0B8CB451633E7C543F9E
                                                                                                                                                                                                                                        SHA-512:E34AF975E3189846804F2716CDBCD6FFE8D06A6A1D41C9462DFF64DFB79642EE84C944A064E35AD94E9E65B10F0B33CF604928639586137F1F00551AEDD87D7B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....a..........." .........................................................0.......Y....`...@......@............... ..................................d....*..\........)... ..$.......T...........................................................h...H............text...K........................... ..`.data...............................@....reloc..$.... ......................@..B............................................0.......................T.....4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n.........l.....S.t.r.i.n.g.F.i.l.e.I.n.f.o...H.....0.0.0.0.0.4.b.0...:.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...T.h.r.e.a.d.i.n.g.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...J.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.e.m...T.h.r.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.Local.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):351520
                                                                                                                                                                                                                                        Entropy (8bit):6.644714489495638
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:rEfCVr/c2WYI0De//sQMd2uAIgeUow53HIt:wf8r02WpMHenlK
                                                                                                                                                                                                                                        MD5:416F763F3F8A2F17177E2609FEEE284A
                                                                                                                                                                                                                                        SHA1:43B261CB27A461949CA6A9BC723696A6CB7A30BF
                                                                                                                                                                                                                                        SHA-256:C62C23429BEE731709EDA16E1986C9BD089B81989E82F9F61D532F815F8C732E
                                                                                                                                                                                                                                        SHA-512:A55B0B2B5196703127A0F36C00021064CCE170D428FD12EFFDA77B09D11932BBA3A92A9FBD8D3CD15F6088FEEF56A65D27E59EE87D4CED59318CF2F62C0CD849
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...y............." .........X...............................................P............`...@......@............... .......................................z...3...4.. )...@.......*..T...............................................................H............text...>........................... ..`.data....O.......P..................@....reloc.......@.......,..............@..B............................................0...........................L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...L.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...T.r.a.n.s.a.c.t.i.o.n.s...L.o.c.a.l...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...\.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17160
                                                                                                                                                                                                                                        Entropy (8bit):6.676422570015763
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:35uFRdU+WzGiWoYA6VFHRN7mhdcTR9z66Q1j:JuFRmqUFClmhmV9zQ
                                                                                                                                                                                                                                        MD5:CF735B049EDD9AECEA6929479D438AB9
                                                                                                                                                                                                                                        SHA1:FE6F3DF934C54DCB28C6C29CD82C42746503031A
                                                                                                                                                                                                                                        SHA-256:EE06ADA630D4799FA5F16A7185890CB660E43ACCF1D377CBA27A3E9C5F83F326
                                                                                                                                                                                                                                        SHA-512:A042CDB90B117777C05DD62E69979F9576682ACE8D8965D1502BACEC5539B36E62AF163EC84C2A1C64E8F55ACFF25E6154FD16C7D52313916080B90B98AD63CF
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............j/... ...@....... .............................. |....`................................../..O....@..x................)...`......8...T............................................ ............... ..H............text...p.... ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B................K/......H.......P ..h....................-......................................BSJB............v4.0.30319......l.......#~..d...4...#Strings............#US.........#GUID...........#Blob............T.........3....................................$...............f.O.....O...^.<...o.................H.....*.................+.......................r.....,...........D.$.....O.................6.....6.....6...).6...1.6...9.6...A.6...I.6...Q.6...Y.6...a.6...i.6...q.6...y.6.....6. ...6.....6...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ValueTuple.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15648
                                                                                                                                                                                                                                        Entropy (8bit):6.822499066467974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:D2Cdc393WtyGWbjX6HRN7in9R9zrJRY0le5:D21JDrWS9zQ0l8
                                                                                                                                                                                                                                        MD5:A61FE4F1CF1323421CD72519E4526BC8
                                                                                                                                                                                                                                        SHA1:59A8697119DD4287022B2ED4C0513EA22F3BB29C
                                                                                                                                                                                                                                        SHA-256:0D8D708352C3B96D1AA193FFBD6F764A701EBFC979C700190494134E0E54F7B3
                                                                                                                                                                                                                                        SHA-512:6A565BE87005BEF075C7C6F0B13953794D52B861B5D40A74D3CCCA9A7813DE18195234827A83A4D38BFDB1CA64A712EA41A87A7A2A30023F45F624022A3DD4E0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...x............."!..0..............)... ........@.. ....................................`..................................)..K....@..h............... )...`.......(..8............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................)......H........ ..,...................P .........................................fSc.....3..PM@...P@...L^...+............p.....u[.h.@o`.s.....m..~..2...E...zM...$.tl.No...Da.R...|.......R2...I.........BSJB............v4.0.30319......`...@...#~..........#Strings............#GUID...........#Blob......................3......................................]...............%...................C.....s...Q.z.....z.....z.....z...4.z.....z.....z.....z.....z...........i.................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.HttpUtility.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):52896
                                                                                                                                                                                                                                        Entropy (8bit):6.684498329756475
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ZZcxU+oWt5y4JSLFUA5JDHyFuc97Qk7Y32QttzX/XHXJREYcP+uLFClNP69zB:ZZN/iDALyFFQk7Y32OJPX7cP9piNuzB
                                                                                                                                                                                                                                        MD5:732613D07CF169180B7874BF3CA02EA8
                                                                                                                                                                                                                                        SHA1:0554B11B5E3C4A61823E9D7F74F71B0EA4A6678E
                                                                                                                                                                                                                                        SHA-256:6192CFA1614ECA1B992CFBA155FF9EF3D32C3A7F642912BBB502F0001DE246B5
                                                                                                                                                                                                                                        SHA-512:B60315B4C309A29C9E174A81464F528309155744FC170FD229A65ABEABAA1E035E2AFA7857D30BFD1586A80A1E15ED6807068C41154A32E3CD09E76BBE9ED93D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......................................................................`...@......@............... ......................................\!...........(..........8...T...............................................................H............text.............................. ..`.data...&...........................@....reloc..............................@..B............................................0...........................<.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o...x.....0.0.0.0.0.4.b.0...F.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...W.e.b...H.t.t.p.U.t.i.l.i.t.y.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...V.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....S.y.s.t.

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.711582753143812
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:DEVND8hxWVwo9W7YA6VFHRN7gD2R9zza+t1fY:D+u+2FClsK9zZ1fY
                                                                                                                                                                                                                                        MD5:31AC4E4AAED9264FA20A5E21B3393F7E
                                                                                                                                                                                                                                        SHA1:52A0AC2D9D0A5C099F6B490A3CED86CD5D04A446
                                                                                                                                                                                                                                        SHA-256:12EC2E14354B9F25143D4A6FE3DF9ABE0EAC379918B85BD7532D10C30E30423F
                                                                                                                                                                                                                                        SHA-512:EB15E6A6F18E89A8D4094C01FBAAC5DDB837794AB598D7D4176F98B8B0E0F0581D60FBBA8C97F0373E9817C89F8193A3E0C57BA88EC69F88F8A929A09879690F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............z*... ...@....... ..............................wQ....`.................................%*..O....@..8................)...`......X)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B................Y*......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..d.......#Strings....0.......#US.4.......#GUID...D...D...#Blob............T.........3....................................................6.Y.....Y...X.F...y.......................$...........o.......................V.....l.................>.......Y.................@.....@.....@...).@...1.@...9.@...A.@...I.@...Q.@...Y.@...a.@...i.@...q.@...y.@.....@. ...@.....@...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Windows.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                                                        Entropy (8bit):6.684087527310445
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ClyaMtLx2vJWE2SW3W+WxNzx95jmHnhWgN7acWNCmyttuX01k9z3AOV8sQR:GyaMtF0JWE2SWmFX6HRN7nnSR9zdV8hR
                                                                                                                                                                                                                                        MD5:D4DC0B9D603E0AC51FA099E12261E82D
                                                                                                                                                                                                                                        SHA1:C9D7877F32BA92F1D63F35999A9270CFDFBA6FCC
                                                                                                                                                                                                                                        SHA-256:5798AB51F67A1731E67A8A356763CB5C02BDA618DD575AED51DC6272096BB218
                                                                                                                                                                                                                                        SHA-512:0F2999E1522ECD1EA45FE0BD2C1484C4A3E11E91D7E728D1358E7F9A2FE3B1144302A2DACCFFB0F97185F80C6E7F54A959D550F806E154FFB9E7C0B408A4B95C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5E..........." ..0..............,... ...@....... ....................................`..................................+..O....@..X................)...`.......+..T............................................ ............... ..H............text...4.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................,......H.......P ..4....................*......................................BSJB............v4.0.30319......l...h...#~..........#Strings............#US.........#GUID.......@...#Blob............T.........3......................................................Q...&.Q.....>...q.......D.........m.....y.................P...................................4.............Q..... ...........8.....8.....8...).8...1.8...9.8...A.8...I.8...Q.8...Y.8...a.8...i.8...q.8...y.8.....8. ...8.....8...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Linq.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16672
                                                                                                                                                                                                                                        Entropy (8bit):6.667070680792912
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:BhMvUCh9W1Y4WOArWxNzx95jmHnhWgN7agWUmMfKUSIX01k9z3ARqK:AL9W1Y4WOAEX6HRN79mW2IR9zoH
                                                                                                                                                                                                                                        MD5:19645202783866DF23C6D8746CE1196A
                                                                                                                                                                                                                                        SHA1:6D8293BA6B41247BA090E3ACB3AD98F4267AF44C
                                                                                                                                                                                                                                        SHA-256:E7065641210FAB4636FCC3B117E4E15A584838E71A4D0B3835D6378C78937465
                                                                                                                                                                                                                                        SHA-512:00A5FC30B4DDE85306BDDC509FD539F4C7A17C2A032EF65F620697C158D0A11DF5F06CF0FD1A6886B88D8EF7EB53321CE18B9ADFC5B6EE248291C09BDA411EE9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....W..........." ..0..............,... ...@....... ....................................`..................................,..O....@..X............... )...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................,......H.......P ......................(+......................................BSJB............v4.0.30319......l...l...#~......<...#Strings............#US.........#GUID...(.......#Blob............T.........3..........................................f...........+.....+.........K.......;.....z...d.....p.................G...................................+.......).....+.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y......... .............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.ReaderWriter.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22176
                                                                                                                                                                                                                                        Entropy (8bit):6.352093179803691
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:P125qkxK67ex4FCRunW1wAWEYA6VFHRN7JtHNsAR9zqo:NKLmAWFCl3ts89zL
                                                                                                                                                                                                                                        MD5:FB77B8FA47F57C039EC3202C86752842
                                                                                                                                                                                                                                        SHA1:22138F3686EB4AE26D4B6212EC91B1441F918AE0
                                                                                                                                                                                                                                        SHA-256:0B8B80E022A7A6F46E61CC434658AFC00F72631E4303AC5FA2237DBA99925098
                                                                                                                                                                                                                                        SHA-512:9685C0BECDEB79531BD37A40A4C1F7FB230706AD88AD25F3A1E930D59408DA370D050707B47D4BEC72E8C4598C080C2E01E415E94DCC8E14ADA3F4ACD9E545D9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=............."!..0..$...........B... ........@.. ...............................J....`.................................LB..O....`...................(...........A..8............................................ ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H........ ... ..................P ........................................Qm=........B.*.c.)J.......f.....V.GQ@.[....ZY~.<L.>..9..?...`.........s.}c.....x....ujz.As7...{......~l..q....j..F>....r.BSJB............v4.0.30319......`.......#~......8...#Strings............#GUID...(.......#Blob......................3............................................................G..... .......b.....i...f.....-.........................................[...............................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Serialization.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16664
                                                                                                                                                                                                                                        Entropy (8bit):6.7385136944866995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:+rKxzzhLW7MfEqHWqWxNzx95jmHnhWgN7aoW3zAcZQZfKUSIX01k9z3ARq7fG7yu:+ezdLW7MfEqHW5X6HRN7l2IR9zoqG9
                                                                                                                                                                                                                                        MD5:618450D16A5E2A9E8892A0A08748115B
                                                                                                                                                                                                                                        SHA1:F282DDC839FEE8E157C8F9453B2C447CF2292E5A
                                                                                                                                                                                                                                        SHA-256:84537A54CCA9AA87F0246E71E75A77124C90B4602A979C111368848FD975B591
                                                                                                                                                                                                                                        SHA-512:8AB0AC9D1BC47D5378B70D38D8EC86B08EB1CC0FE9A1167BA3DC16CE49F1CEBE47D410A59A9F2A60F699773D0D745625C348744B3114300D03B6E0F507E77757
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....{............" ..0..............-... ...@....... ..............................:^....`..................................-..O....@...................)...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P .......................,......................................BSJB............v4.0.30319......l...x...#~..........#Strings............#US.........#GUID...........#Blob............T.........3..........................................p.........$.F.....F...r.....|.......<...............*...........]...........0.....M.....D.................s.....D.....x.F.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y......... .............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XDocument.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16144
                                                                                                                                                                                                                                        Entropy (8bit):6.768329397272433
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:RaxphW/vdWXpWjA6Kr4PFHnhWgN7agWacdhHssDX01k9z3AGWaEj:yphW/vdWXYA6VFHRN78dFDR9z7WPj
                                                                                                                                                                                                                                        MD5:D0EB97936EF83C560D6C32F8A01DD0B4
                                                                                                                                                                                                                                        SHA1:689484E237A3C1BF34DCBD30349EF026D25EB9E6
                                                                                                                                                                                                                                        SHA-256:E9E7AB3E5CE5993C393E1628A9390C3C676661FADD15B8AF18DF8F37D4E7F0D6
                                                                                                                                                                                                                                        SHA-512:C395BB74991B8C3F8590CF339920CF283A5887C8330B41FCB4C2AA958F25970CD67D037CFC5A20B291E8F088EF2580BBCB9AC641AA97A2E4DC965D6B4805DAC6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8............"!..0..............+... ........@.. ..............................:.....`.................................L+..O....@...................)...`.......*..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ......................................g8xv...a..M..!....(G.1a........../}\.fl".SJ.tz...U.a.........=.e\..|.....^f.....afq.y.......c<Ff.=...W..?.<G6....OP.]..mBSJB............v4.0.30319......`.......#~..l.......#Strings............#GUID...,.......#Blob......................3................................................L...............................8.....L...p.L.....L.....L.....L.....L.....L...l.L.....L.............................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.XDocument.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18192
                                                                                                                                                                                                                                        Entropy (8bit):6.651913199525005
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MW0aeWJ4nTLVGQYA6VFHRN7NN/7R9zCMZ:3J4nPlFCljF9zL
                                                                                                                                                                                                                                        MD5:0059E13D67A0A703782F6761903F9993
                                                                                                                                                                                                                                        SHA1:F278429223A4993D3757465A5CDEB11679708C03
                                                                                                                                                                                                                                        SHA-256:186782FBF3EEE0E17A95D06769548771B62252BDC412BE8F83A582D091A8DBD6
                                                                                                                                                                                                                                        SHA-512:CDDBBBC503FA1C2D98C267CDC1A31ED052A8E5AE870924ECDE9408D044F571C9F701FE85E2DB7AEF5005B6B262F8BCBE08DF00D2E35BCAC25361987E362E6A3C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...y{............" .........................................................P............`...@......@............... ......................................0...H........)...@......P...T...............................................................H............text............................... ..`.data...?....0......................@....reloc.......@......................@..B............................................0...........................\.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.................^.........#.?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...N.....C.o.m.m.e.n.t.s...S.y.s.t.e.m...X.m.l...X.P.a.t.h...X.D.o.c.u.m.e.n.t.....L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...^.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.724803734854889
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:J/lRiA8DrHDWBVvWrjcYA6VFHRN7cVXC4deR9zVjxqmt:PP804cFClcVXC4dC9zVjYK
                                                                                                                                                                                                                                        MD5:D8BD70EB45B4B115C2ED458D8A5E756A
                                                                                                                                                                                                                                        SHA1:1FE7563C6A18BE3D0E59FC0CDFF54495C5A15F42
                                                                                                                                                                                                                                        SHA-256:4FA30F4343142ABC37495DC2DF892A2B357C00C9FE5389B5E3D3566A888F75E2
                                                                                                                                                                                                                                        SHA-512:68233A9CD8C4524C57038569E6D6770E03B8A6DF95F31463753E4BA4834D3CE9FE87F458B27B282E4425CB453AB59287D03E0B5824075B5B477E3EE184095F2C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M............."!..0..............*... ........@.. ...............................h....`.................................|*..O....@..h................)...`.......)..8............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................*......H........ ......................P ......................................R].!.k..R....I..`?.sA%!....`.......d...!.]....R....^..8./.O..b...3....%_bf.P]..=.]I..3...._.p7q....C+V...#..o<....w7...+.n...?BSJB............v4.0.30319......`.......#~......\...#Strings....X.......#GUID...h.......#Blob......................3......................................'.........C...............................d...%.{...g.{.....{...|.{.....{.....{.....{...c.{.....{.............................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlDocument.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16136
                                                                                                                                                                                                                                        Entropy (8bit):6.785986414151434
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MVZNGfjiWeEsWRYA6VFHRN7EvQFcTR9z6TlLOH:6NGpbFClEvQeV9zalLOH
                                                                                                                                                                                                                                        MD5:E4C4592017D5132F245A622B8F40970E
                                                                                                                                                                                                                                        SHA1:EDDF6A290E9250B5B6668E00101F6F48D23A4D4A
                                                                                                                                                                                                                                        SHA-256:08C59884C4662F992985FBC992F196961BA9D8D3DC2CB3BF3E6E3602426B2F54
                                                                                                                                                                                                                                        SHA-512:46A12FAE6D250D3D8C75016B41FC6CBCE03512419D989B0F9C3206FDFA2CE4E68FA9A0B437ABDB7B17EAAA68841139EF0AFC50696B83D0FD49917B8B99F83AC9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%............."!..0..............+... ........@.. ....................................`.................................|+..O....@...................)...`.......*..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ......................................e.X.]w...1......(.....Ra$.|.w.xHj)......;nN+.E..(..Q.'U2.a.Y........l..6...!.w(.....J..M.>....3.....\...j.#...?....1.(Z(;..tT.BSJB............v4.0.30319......`.......#~..\.......#Strings....H.......#GUID...X.......#Blob......................3......................................#.........P./...../.........O.............\...2.....g...................................p............./.......................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlSerializer.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18208
                                                                                                                                                                                                                                        Entropy (8bit):6.62112689223517
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:JmiLgTJNTDxhkcWplvW5MWxNzx95jmHnhWgN7agW5wIAgfcMbnoQNpX01k9z3Abg:Yi8rdhbWplvW5TX6HRN7xI/7R9zCng
                                                                                                                                                                                                                                        MD5:AC8C00A6747DE5226C137D208C4F182B
                                                                                                                                                                                                                                        SHA1:215E2563CA1AE5FDD1DFABCDA2D4281451C37A03
                                                                                                                                                                                                                                        SHA-256:55F9EDDE671BB0B598826186B23DC864753770B65F7EBE53D3AC3D86512A1B3A
                                                                                                                                                                                                                                        SHA-512:31149C242D6E3CB429E9E3F84C4DE13782C82788D189217ABCFE9A058D7CEE871B8B682D49531D912F6F58DE325136BBA1C073FF1D3F5E14E56ADBFEA57E761C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.y..........."!..0..............3... ........@.. ...............................E....`..................................2..W....@.................. )...`...... 2..8............................................ ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................3......H........ ..P...................P ........................................{...m`.."n....v.......X....#h.V.c....^.U.d..n..5..-]...d......T......2|4A....G.6.....\;./.3.-.}.....,....06ph.QG..o..BSJB............v4.0.30319......`.......#~..(...p...#Strings............#GUID...........#Blob......................3................................J.................................+.....F...........N.....H.........................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24736
                                                                                                                                                                                                                                        Entropy (8bit):6.196087974091141
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qV/Mc95qohA8bhUVGdOQgWKwjsWlYA6VFHRN721DX+iR9zZjES:qV0chOkrFCl+DuO9z9ES
                                                                                                                                                                                                                                        MD5:FD9D85F47840B07B63FAC3C7B1A67ACF
                                                                                                                                                                                                                                        SHA1:09B9728960F9A81B3D67B3F1D9E6E19C0247014E
                                                                                                                                                                                                                                        SHA-256:D563E81C9FEEEF2C1E30A1DB45C95A3CE2A1BC18693CE30289E466D6E1ABC9D2
                                                                                                                                                                                                                                        SHA-512:FA1F20E27EA6A51EEDE46C418792790925E16CC752155B72412312A4A14DEDFCCF1F032C42A7A17B298B8DA5B6FE98DCCC43C062C41C4786EBEC01340FDF12D8
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............L... ...`....... ....................................`..................................K..O....`..8............8...(...........J..T............................................ ............... ..H............text....,... ...................... ..`.rsrc...8....`.......0..............@..@.reloc...............6..............@..B.................K......H.......P ...*..................lJ......................................BSJB............v4.0.30319......l...@...#~..........#Strings....L'......#US.P'......#GUID...`'......#Blob............T.........3..........................................P............... .................k.....H...........S.................G...................................+.....m.S...0...................x.....x.....x...).x...1.x...9.x...A.x...I.x...Q.x...Y.x...a.x...i.x...q.x...y.x.....x. ...x.....x...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):50960
                                                                                                                                                                                                                                        Entropy (8bit):5.747090092923577
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:eQuoy1c6A2ZX8TRNH5JVbOd502zq1TntVBFFClwl9zx:eQuoO3ZX8Q5jzC3BTiw3zx
                                                                                                                                                                                                                                        MD5:C4B42F4015DB97630DAC03F6B12EA124
                                                                                                                                                                                                                                        SHA1:C1ECEAE6CB9C4F6E39F4F582052E3824DB2A5323
                                                                                                                                                                                                                                        SHA-256:A0CAE7A8FF1A44A04215B2FEE19D73B6D9351A7DCEAF17E25D8DC72E5D0A5D60
                                                                                                                                                                                                                                        SHA-512:C75AC92E9F72D016BEDC60AB2FD49C3E21C4C8AE44665FA80613AEEF1A669191F1182EBBEAEF9EDA76A77980930BAE4E5DF238D9CE47689AF781092C298D6CD1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../&K..........." ..0.................. ........... ....................................`.....................................O........................).............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......P ......................`.......................................BSJB............v4.0.30319......l...$;..#~...;...R..#Strings....4.......#US.8.......#GUID...H.......#Blob............T.........3................................/......................=.....=....J=...=......V...}.....h.. ..... ..... ..J.. ..... ..... ..... ..1.. ..j.. .., AF..a.AF.....R..e..=.................;.....;.....;..)..;..1..;..9..;..A..;..I..;..Q..;..Y..;..a..;..i..;..q..;..y..;.....; ....;.....;..

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\WindowsBase.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17160
                                                                                                                                                                                                                                        Entropy (8bit):6.687937690598966
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:vpmduasEWQ+E9ZRWVEcWWUYA6VFHRN7rpR9z+ptz/nk:v0dJnP8UFClrD9zWZ/k
                                                                                                                                                                                                                                        MD5:843DB412D5B8F71F10EDD73561B4804B
                                                                                                                                                                                                                                        SHA1:C33B33AD7A29C9E981A049B1DA3E6A793F5CE034
                                                                                                                                                                                                                                        SHA-256:AF02BFB85E43E968B8095065809715D40039841AA1CAAACFEACB9A303C35F93A
                                                                                                                                                                                                                                        SHA-512:AADD18D36BAF1D40309B2B3D128D770AEC298A7F0498C17D5BEFB85ACD32650547D2FB6CA58134221A335DFADBFE1C4B925C14A65A2D971E8F58442EE59013ED
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0............../... ...@....... ..............................c.....`.....................................O....@..8................)...`.......-..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B........................H.......P .. ...................p-......................................BSJB............v4.0.30319......l.......#~..$.......#Strings............#US.........#GUID.......D...#Blob............T.........3..........................................f.........3.................'.....0.......v.....................l...........I.....f.....S.............i.....i................. ...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y......... .............

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.459775574843526
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:SOQWvhW/WYnO/VWQ4SWc0NsxZAqnajT9CJIC:SjWvhWvUsNs/Al39AL
                                                                                                                                                                                                                                        MD5:681C84FB102B5761477D8DA2D68CD834
                                                                                                                                                                                                                                        SHA1:FD96CF075A956FBC2B74E1ECC3E7958163B58832
                                                                                                                                                                                                                                        SHA-256:F0F7CB2A9FFCCB43400DB88D6BF99F2FCC3161DE1AC96C48501D4D522C48C2CA
                                                                                                                                                                                                                                        SHA-512:C41A62F8D10290215B8A7F0DDCC27A1CF12A7453C2DAABEF75BD2CE87C4FFC87D74EDC8CAA1771BEDA0BFA26249CFE3C94D4AF50B22A5DECB6D282BD8A2C4BDD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...B4............" .........0...............................................@............`A........................................p...,............0...............0...!..............p............................................................................rdata..t...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-2-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20960
                                                                                                                                                                                                                                        Entropy (8bit):4.499619700582879
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:L6WvhWFWYnO/VWQ4SWssAtkqnaj6M07i5CK:+WvhW1UslWMui57
                                                                                                                                                                                                                                        MD5:039D612693E56CCF32AE81C99443EA77
                                                                                                                                                                                                                                        SHA1:0487AA5E7D283A8840F3005D1E24E8C9ED140974
                                                                                                                                                                                                                                        SHA-256:4E978EE035B72032D0B7693E09EED6E112DCED6965780BC3E6B8E024EA2366AB
                                                                                                                                                                                                                                        SHA-512:FFA56C73E977FFCEF7890AB6C3EC52E9827AF28B0552F11C48BB7CA16D37C2B7069FB7E03CEFB89F8679E3755BCC8C47344D0D9B91416C6D92CA7DB28C20240A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d.....=.........." .........0...............................................@...........`A........................................p................0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-datetime-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20952
                                                                                                                                                                                                                                        Entropy (8bit):4.308560743366262
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:1WvhW/WYnO/VWQ4yWxK2fvXqnajeCqN+6:1WvhWvU8XlX0
                                                                                                                                                                                                                                        MD5:2A8065DC6E6E60FB90B4B3F9E6BA7288
                                                                                                                                                                                                                                        SHA1:400A1F44CD4354DEA0117E79EC04B006D6141B36
                                                                                                                                                                                                                                        SHA-256:55E5F10D0DD9C85FF1C6DC7798E46B3A4422FB7EBC583BB00D06A7DF2494397B
                                                                                                                                                                                                                                        SHA-512:787E033E35AA357263639D97FDFE8A2EBC9F17865579BE13C14C0A4C2ED99432ED8EA79C5046D1B4B783BF5FCF7B713EFDD70FCA8445A7AFCB91CFDDC7F9D442
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...FBe..........." .........0...............................................@.......,....`A........................................p................0...............0...!..............p............................................................................rdata..X...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-debug-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.314779945585029
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:JWvhWiWYnO/VWQ4mWAyTIl1PXEKup3JdqnajKsztG2:JWvhWYUQI/PX7aJdlGsztG2
                                                                                                                                                                                                                                        MD5:720DB2235C4193151FF8987F8A729135
                                                                                                                                                                                                                                        SHA1:038648798892203B506AB4664BAECA25F78BC43C
                                                                                                                                                                                                                                        SHA-256:092B72832C47F9C4EDCDE61F1A111C20EB73452984E0A6109482DE74EB03C34D
                                                                                                                                                                                                                                        SHA-512:CAAC89DC4FE10E7752B6F248623B34A47A77A750E62F0A558C760A8AD672D980AFC966A9E5696BA5C916E722FD221D305C4D2C49D5DDA0E4A768855886D4F3CA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...@4............" .........0...............................................@............`A........................................p................0...............0...!..............p............................................................................rdata..d...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.363620943088422
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:9m7xeiImxD3exWvhW5WWYnO/VWQ4mWACJXEKup3JdqnajKsztJ30:9m7xeiIFxWvhWuUkX7aJdlGsztd0
                                                                                                                                                                                                                                        MD5:ECDD006AAE56427C3555740F1ABFA8D6
                                                                                                                                                                                                                                        SHA1:7DFAB7AD873544F627B42C7C4981A8700A250BD4
                                                                                                                                                                                                                                        SHA-256:13BC8B3F90DA149030897B8F9F08D71E5D1561E3AE604472A82F58DAB2B103F9
                                                                                                                                                                                                                                        SHA-512:A9B37E36F844796A0FE53A60684BE51AB4013750BB0B8460C261D25FA5F3DE6CE3380044DDC71116825D130A724DF4BA351C2CFFCBF497EF1B6C443545E83F1C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d......v.........." .........0...............................................@.......p....`A........................................p................0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-fibers-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.2939305898439235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:8gWvhWliWYnO/VWQ4mWCkJZH2vArqnajKsbTYjtZ:NWvhWlYUDuH24rlGsbTY5Z
                                                                                                                                                                                                                                        MD5:EB065ED1B5CABDBB90E2403B8564778F
                                                                                                                                                                                                                                        SHA1:5B511215EE0E347734FB727FAD6A0A959FF81BF1
                                                                                                                                                                                                                                        SHA-256:BB2D740333AFAEA2A73A163F95FA102D018CCD68DEF28B6815A2BE0696AB57DB
                                                                                                                                                                                                                                        SHA-512:E5FF38F28253FB31BF583131E23EF58AF60020AD1FB329986C8789FE351F4B73CB06109FBC4220678D93191B04DB353466F728534AA1FEBEDF150C491B8E7C65
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d.....cc.........." .........0...............................................@.......o....`A........................................p................0...............0...!..............p............................................................................rdata..0...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25048
                                                                                                                                                                                                                                        Entropy (8bit):4.628757275210407
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:1mtaNYPvVX8rFTsvWvhWmWYnO/VWQ4yW9AfvXqnajeCqKW:8PvVXhWvhWMU7XlX7W
                                                                                                                                                                                                                                        MD5:36277B52C64CC66216751AAD135528F9
                                                                                                                                                                                                                                        SHA1:F2A6740BA149A83E4E58E1E331429FA3EB44FBA0
                                                                                                                                                                                                                                        SHA-256:F353B6C2DF7AADB457263A02BCE59C44BBAB55F98AE6509674CFBC3751F761B9
                                                                                                                                                                                                                                        SHA-512:BE729194A0A3C4D70A6FFA8DE5C7F8BB3DDA1F54772F9AEFF4B9AA1D6756720D149613C5DCB911286B6C0181A264A4A2A8A4EB848C09AC30BA60B6FD10DD64C9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...!..e.........." .........@...............................................P............`A........................................p................@...............@...!..............p............................................................................rdata..L........ ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-2-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20960
                                                                                                                                                                                                                                        Entropy (8bit):4.328858083322922
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:IAIEWvhWLIQWYnO/VWQ4eWletp80Hy5qnajsBk9:I5EWvhWLI+UJpslE8
                                                                                                                                                                                                                                        MD5:D92E6A007FC22A1E218552EBFB65DA93
                                                                                                                                                                                                                                        SHA1:3C9909332E94F7B7386664A90F52730F4027A75A
                                                                                                                                                                                                                                        SHA-256:03BD3217EAE0EF68521B39556E7491292DB540F615DA873DD8DA538693B81862
                                                                                                                                                                                                                                        SHA-512:B8B0E6052E68C08E558E72C168E4FF318B1907C4DC5FC1CD1104F5CAE7CC418293013DABBB30C835A5C35A456E1CB22CC352B7AE40F82B9B7311BB7419D854C7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d................" .........0...............................................@......p.....`A........................................p...L............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l2-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20960
                                                                                                                                                                                                                                        Entropy (8bit):4.41968362445382
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:lC+WvhWRWYnO/VWQ4SWHvD480Hy5qnajsBkffy2:4+WvhWRUGEslECl
                                                                                                                                                                                                                                        MD5:50ABF0A7EE67F00F247BADA185A7661C
                                                                                                                                                                                                                                        SHA1:0CDDAC9AC4DB3BF10A11D4B79085EF9CB3FB84A1
                                                                                                                                                                                                                                        SHA-256:F957A4C261506484B53534A9BE8931C02EC1A349B3F431A858F8215CECFEC3F7
                                                                                                                                                                                                                                        SHA-512:C2694BB5D103BAFF1264926A04D2F0FE156B8815A23C3748412A81CC307B71A9236A0E974B5549321014065E393D10228A0F0004DF9BA677F03B5D244A64B528
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d.....mR.........." .........0...............................................@............`A........................................p................0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-handle-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.329081455517674
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ZfWvhWPWYnO/VWQ4SWR7me4qdsxZAqnajT9CRixc:ZfWvhW/UNezs/Al39wiO
                                                                                                                                                                                                                                        MD5:3039A2F694D26E754F77AECFFDA9ACE4
                                                                                                                                                                                                                                        SHA1:4F240C6133D491A4979D90AFA46C11608372917F
                                                                                                                                                                                                                                        SHA-256:625667EA50B2BD0BAE1D6EB3C7E732E9E3A0DEA21B2F9EAC3A94C71C5E57F537
                                                                                                                                                                                                                                        SHA-512:D2C2A38F3E779AC84593772E11AE70FC8BCFD805903E6010FE37D400B98E37746D4D00555233D36529C53DD80B1DF923714530853A69AA695A493EC548D24598
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d......0.........." .........0...............................................@......=.....`A........................................p...`............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-heap-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20960
                                                                                                                                                                                                                                        Entropy (8bit):4.447714045651854
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:gxlAWvhW5EWYnO/VWQ4SWArSZBUuUgxfzfqnajmGYjB:gxlAWvhW5yUbSsIrlStjB
                                                                                                                                                                                                                                        MD5:2EDC82C3DA339A4A138B4E84DC11E580
                                                                                                                                                                                                                                        SHA1:E88F876C9E36D890398630E1B30878AF92DF5B59
                                                                                                                                                                                                                                        SHA-256:E36B72EAFFFFFB09B3F3A615678A72D561B9469A09F3B4891ABA9D809DA937A5
                                                                                                                                                                                                                                        SHA-512:6C1B195B2FABE4D233724133AE3BDF883F287B5ECD9639A838AD558159A07E307E7AE5E5407CE9229DCCDE4BE2CC39EC59506A5FB73B45D04B80330B55E2B85C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...)\Ix.........." .........0...............................................@............`A........................................p................0...............0...!..............p............................................................................rdata..L...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-interlocked-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.368970650031484
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ODWvhWJWYnO/VWQ4mWbAcH2vArqnajKsbTY3:ODWvhWJUrcH24rlGsbTY3
                                                                                                                                                                                                                                        MD5:215E3FA11BE60FEAAE8BD5883C8582F3
                                                                                                                                                                                                                                        SHA1:F5BF8B29FA5C7C177DFEC0DE68927077E160C9AB
                                                                                                                                                                                                                                        SHA-256:FBB9032835D0D564F2F53BBC4192F8A732131B8A89F52F5EF3FF0DAA2F71465F
                                                                                                                                                                                                                                        SHA-512:C555698F9641AF74B4C5BB4CA6385B8D69D5A3D5D48504E42B0C0EB8F65990C96093687BC7EE818AA9C24432247AFAD7DF3BF086010A2EFCD3A1010B2FCD6A31
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d......d.........." .........0...............................................@......5.....`A........................................p................0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.601897142725442
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:pTvuBL3BBLxWvhWcWYnO/VWQ4mW74j21EhqnajKsxX+:pTvuBL3BXWvhWKUBqslGsxu
                                                                                                                                                                                                                                        MD5:9A8AB7FE8C4CC7604DFF1FBFA57458AA
                                                                                                                                                                                                                                        SHA1:68ED7B6B5191F53B50D6A1A13513DB780AB19211
                                                                                                                                                                                                                                        SHA-256:E9A3D7F8A08AB5BC94ACB1EC1BFFDA90469FEC3B7EECDF7CF5408F3E3682D527
                                                                                                                                                                                                                                        SHA-512:05DAEABBCDE867E63FDE952213FFF42AF05E70AE72643C97060A90DCEA2A88B75947B6F503CB2C33938AFE36AD1BAFBA5008C1BBE839F6498CDA27DA549DAEE9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...P.1..........." .........0...............................................@............`A........................................p................0...............0...!..............p............................................................................rdata..`...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-localization-l1-2-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20960
                                                                                                                                                                                                                                        Entropy (8bit):5.116096564588074
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:6naOMw3zdp3bwjGzue9/0jCRrndbDWvhWfUCBoliM:POMwBprwjGzue9/0jCRrndbwIJY
                                                                                                                                                                                                                                        MD5:DE5695F26A0BCB54F59A8BC3F9A4ECEF
                                                                                                                                                                                                                                        SHA1:99C32595F3EDC2C58BDB138C3384194831E901D6
                                                                                                                                                                                                                                        SHA-256:E9539FCE90AD8BE582B25AB2D5645772C2A5FB195E602ECDBF12B980656E436A
                                                                                                                                                                                                                                        SHA-512:DF635D5D51CDEA24885AE9F0406F317DDCF04ECB6BFA26579BB2E256C457057607844DED4B52FF1F5CA25ABE29D1EB2B20F1709CF19035D3829F36BBE31F550F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d.....3..........." .........0...............................................@............`A........................................p................0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-memory-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.483681194749599
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:WqfWvhWoWYnO/VWQ4mWKNe4XEKup3JdqnajKsztPO/B:WGWvhWWU9X7aJdlGsztP2
                                                                                                                                                                                                                                        MD5:7DDDA921E16582B138A9E7DE445782A0
                                                                                                                                                                                                                                        SHA1:9B2D0080EDA4BA86A69B2C797D2AFC26B500B2D3
                                                                                                                                                                                                                                        SHA-256:EF77B3E4FDFF944F92908B6FEB9256A902588F0CF1C19EB9BF063BB6542ABFFF
                                                                                                                                                                                                                                        SHA-512:C2F4A5505F8D35FBDD7B2ECA641B9ECFCB31FE410B64FDE990D57B1F8FD932DFF3754D9E38F87DB51A75E49536B4B6263D8390C7F0A5E95556592F2726B2E418
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...dIx..........." .........0...............................................@.......:....`A........................................p...l............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20960
                                                                                                                                                                                                                                        Entropy (8bit):4.417647805455514
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:RWvhW0WYnO/VWQ4SWKeE+Ztc80Hy5qnajsBkUqS:RWvhWiUxslE5qS
                                                                                                                                                                                                                                        MD5:BF622378D051DB49BDC62ACA9DDF6451
                                                                                                                                                                                                                                        SHA1:EFD8445656A0688E5A8F20243C2419984BB7743E
                                                                                                                                                                                                                                        SHA-256:0BFEDB0D28E41E70BF9E4DA11E83F3A94C2191B5CD5DD45D9E9D439673B830CE
                                                                                                                                                                                                                                        SHA-512:DF32D34C81FDE6EEF83A613CE4F153A7945EECFB1EC936AC6ED674654A4E167EC5E5436185B8064177F5F9273D387CA226C3C9529591180250A9C5C581EC6F70
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d....2............" .........0...............................................@.......p....`A........................................p................0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.6126507489483375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:qF3qWvhWQWYnO/VWQ4SWL7JJsxZAqnajT9CgsLam:qF6WvhW+UA7s/Al39wR
                                                                                                                                                                                                                                        MD5:A56E3E2AA6398CCB355C7CDE81CCB6E5
                                                                                                                                                                                                                                        SHA1:A26273DD41DB7B63D3A79ACF6F4F3CF0381A8F02
                                                                                                                                                                                                                                        SHA-256:25AF1BC31C4A3FB9F1036C9AA51CB0AE8899C499B3EEF4CF7281515C1EA27B47
                                                                                                                                                                                                                                        SHA-512:3D5CEC9E5B42724794282974F637B1FDA8C26ADF01ED19DD2EC4F940E01CD43BDC42E46DC3E62704E62553DE96D3FEA1616C9650AF73CDB557DFCA1B52051A64
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d................" .........0...............................................@............`A........................................p...H............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.978924663768967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Hck1JzNcKSIGqAWvhWTUpDX7aJdlGsztMs:3cKSswKz7aJGps
                                                                                                                                                                                                                                        MD5:82159E8D92E38C4F287EB9420DCF1F9F
                                                                                                                                                                                                                                        SHA1:2E4436DBE18D943416A388777D05BFE5CB553DE7
                                                                                                                                                                                                                                        SHA-256:0D22CE9D987EFD6886A8DE66A6A678C287D29B15963B4373F73D79DDE42C9827
                                                                                                                                                                                                                                        SHA-512:DCEF1E0C7916C8CD08148962949A996FFC5D46B899CD82DFBCD9BB1BC614622BC8997F1E7D3C4E3D75F2DF07540A4C17F39477CFE97BA7F0BD280CDD52E06F91
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d......Y.........." .........0...............................................@.......K....`A........................................p................0...............0...!..............p............................................................................rdata..4...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.513848472591714
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:pwQpUwzDfIeOWvhW9WYnO/VWQ4+WWXtplsxZAqnajT9CGl:pZDfIeOWvhWNUFbls/Al39Hl
                                                                                                                                                                                                                                        MD5:74C264CFFC09D183FCB1555B16EA7E4B
                                                                                                                                                                                                                                        SHA1:0B5B08CDF6E749B48254AC811CA09BA95473D47C
                                                                                                                                                                                                                                        SHA-256:A8E2FC077D9A7D2FAA85E1E6833047C90B22C6086487B98FC0E6A86B7BF8BF09
                                                                                                                                                                                                                                        SHA-512:285AFBCC39717510CED2ED096D9F77FC438268ECAA59CFF3CF167FCC538E90C73C67652046B0EE379E0507D6E346AF79D43C51A571C6DD66034F9385A73D00D1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...%p_W.........." .........0...............................................@............`A........................................p................0...............0...!..............p............................................................................rdata..,...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-profile-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.293598211920456
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:dWvhW/WYnO/VWQ4SWYujPUsxZAqnajT9Cl36:dWvhWvUgMs/Al39Eq
                                                                                                                                                                                                                                        MD5:D6F37B232E3F2E944EBCF53A662E852F
                                                                                                                                                                                                                                        SHA1:C10839E941444ED79C2314F90DA34E5742F4E514
                                                                                                                                                                                                                                        SHA-256:5E6AD9502C8411F29BC072EFD08C4FCD09BC3367814269DEDA74A78536FB8375
                                                                                                                                                                                                                                        SHA-512:6E0CF1021EF3FF31895D2B6A9E72084EBE52DE4201D317B12FB8B05A7B1946FDEF65D2B046F8FB25189D3A94F70726121F2E8EAC8239C00EE02EF5EAF57F21C5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d................" .........0...............................................@............`A........................................p................0...............0...!..............p............................................................................rdata.. ...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20960
                                                                                                                                                                                                                                        Entropy (8bit):4.469567491280211
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:aGeVTg6WvhWGWYnO/VWQ4SWupBd80Hy5qnajsBkt2NjY:aGeVTg6WvhWsUldslE8+Y
                                                                                                                                                                                                                                        MD5:6397D5CC116D884D31552F613F748556
                                                                                                                                                                                                                                        SHA1:B76B19FE4D3D5D26D2DEE1983D384E26D961180E
                                                                                                                                                                                                                                        SHA-256:40EB38D84DFD13C8A58211B8273C4B4965148742F08EB6FE8B0830392C37ABC1
                                                                                                                                                                                                                                        SHA-512:4449DA9BAA3F722EB274AC527125F5918A17BC94B243849A0A44F3463E35F368339A58A6AA1E08B83D54D13538C0D52BFCB452A48B8B9A52961BF136256D220E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d.....C}.........." .........0...............................................@.......T....`A........................................p...<............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-string-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20960
                                                                                                                                                                                                                                        Entropy (8bit):4.375396134710155
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:v0yyMvJWvhW4WYnO/VWQ4SWQwwV80Hy5qnajsBkrfFIf:zyMvJWvhWmUAIslEAfFI
                                                                                                                                                                                                                                        MD5:D2D7458AB838E738B54FB4D6FA490BF6
                                                                                                                                                                                                                                        SHA1:0CFC5659B23A35C987B96CABBC0D10325316385D
                                                                                                                                                                                                                                        SHA-256:285A481D7BA9859CC28BEDEDD8F05A90BD648A34D66B8C797118920B40E15E4E
                                                                                                                                                                                                                                        SHA-512:62E0ABB2E59D360D6A066E73289AA1B880E7C1A0B7E6C695F40B1E0F2CB11DEB9E54DEBA4045D2454B911AF109EC198F11073874A8F023EB1B71A16A74354A1E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d....%fN.........." .........0...............................................@............`A........................................p................0...............0...!..............p............................................................................rdata..<...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.889960536352825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:lQMwidv3V0dfpkXc0vVaLnWvhWTULrX7aJdlGsztzO1:xHdv3VqpkXc0vVagQ2L7aJGqO1
                                                                                                                                                                                                                                        MD5:255B18FE8AB465C87FB8AD20D9A63AAC
                                                                                                                                                                                                                                        SHA1:645823B0332ADDABA5E4EF40D421B2DA432FDA5E
                                                                                                                                                                                                                                        SHA-256:E050E1BFBB75A278412380C912266225C3DEE15031468DAE2F6B77FF0617AA91
                                                                                                                                                                                                                                        SHA-512:19244B084AC811B89E0E6A77F9308D20CF4FBB77621D34EEDC19FCD5C8775A33B2D9ADA3F408CBE5806C39745B30C1C1CC25D724DB9377B437D771AE0BF440B1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d....>F..........." .........0...............................................@......Re....`A........................................p...X............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-2-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.557349562243787
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ctZ3ZtIWvhW9NWYnO/VWQ4SWndusxZAqnajT9CMCz4:ctZ3wWvhW9dUds/Al39pCz4
                                                                                                                                                                                                                                        MD5:0A2432A420640A79FAAFF044AB054EF6
                                                                                                                                                                                                                                        SHA1:15688BF3C9330309EC5EA602C0AD5AF1FD68BC30
                                                                                                                                                                                                                                        SHA-256:9DFD114E4182662A669A3B9054DD2A24D96DD66ED96A8B2AC05601928B2084D5
                                                                                                                                                                                                                                        SHA-512:090D6D5046AEFE9006B319FC3F9740426BC93E50CF262CE65857449891CA69D2A235421CFEA3FB178D3F8B1E3F640B8678AA9D8F6E67B8A17985913BEBFB3FDD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d................" .........0...............................................@............`A........................................p...x............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.617444368323971
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:UgdKIMFemVWvhWNWYnO/VWQ4mWY1tcQIj21EhqnajKsxN:JH0WvhWdUDIqslGsxN
                                                                                                                                                                                                                                        MD5:E1A7B1F8CDB24324D0E44B0078DB8BD1
                                                                                                                                                                                                                                        SHA1:B6C2FE32AE5FA1398F7AE6245C405378E32A7897
                                                                                                                                                                                                                                        SHA-256:45D4F1E398E4CC73FD1AAAD80219D2A9D3205A228167C819EB6787D7B01FC186
                                                                                                                                                                                                                                        SHA-512:144AFE1CB812DE93FBDD08658AFEB4C95480A8E504C5DCF909FF226400CA2D0F48395CF71954FBD1B3DD93A49CBA39EC0DB3FC34A05804C93FD9A48B0A1749CA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d......d.........." .........0...............................................@.......A....`A........................................p...H............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-timezone-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.549935038939539
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:+cWvhWoWYnO/VWQ4mWRhXEKup3JdqnajKsztzy:+cWvhWWUqX7aJdlGsztzy
                                                                                                                                                                                                                                        MD5:CB39EEA2EF9ED3674C597D5F0667B5B4
                                                                                                                                                                                                                                        SHA1:C133DC6416B3346FA5B0F449D7CC6F7DBF580432
                                                                                                                                                                                                                                        SHA-256:1627B921934053F1F7D2A19948AEE06FAC5DB8EE8D4182E6F071718D0681F235
                                                                                                                                                                                                                                        SHA-512:2C65014DC045A2C1E5F52F3FEA4967D2169E4A78D41FE56617CE9A4D5B30EBF25043112917FF3D7D152744DDEF70475937AE0A7F96785F97DCEFAFE8E6F14D9C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d................" .........0...............................................@............`A........................................p...H............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-util-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.319450964936577
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:MPWvhWRWYnO/VWQ4SWiIsxZAqnajT9CDH:yWvhWRUCs/Al39OH
                                                                                                                                                                                                                                        MD5:5B6C46F42ED6800C54EEB9D12156CE1F
                                                                                                                                                                                                                                        SHA1:66CE7A59B82702875D3E7F5B7CF8054D75FF495F
                                                                                                                                                                                                                                        SHA-256:2631CADCE7F97B9A9E6DF4E88F00F5A43EF73B070EE024ED71F0B447A387FF2F
                                                                                                                                                                                                                                        SHA-512:38FF6745BB5597A871B67AA53FCC8426BC2CDD16B6497A0EB7B59C21D8716F1ABB1F7C7A40A121AD1BD67B5490FEF5CF82EE8FD0BF848F27DCA27FC5D25DEC61
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d......#.........." .........0...............................................@...........`A........................................p...<............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-conio-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.6478341719136145
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:y0WvhW3WYnO/VWQ4mW8iTH2vArqnajKsbTYk:FWvhWnUIH24rlGsbTYk
                                                                                                                                                                                                                                        MD5:A68D15CAB300774D2A20A986EE57F9F4
                                                                                                                                                                                                                                        SHA1:BB69665B3C8714D935EE63791181491B819795CB
                                                                                                                                                                                                                                        SHA-256:966DDBF59E1D6C2A80B8ABBF4A30D37475DE097BF13FB72BA78684D65975CD97
                                                                                                                                                                                                                                        SHA-512:AC040F92560631CA5162C7559173BDFE858E282225967AB1ADC0A038D34943B00DB140D44319CD2CDC2864295A098AB0BA634DFAA443E1D1782FA143AE4C217D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...8.?;.........." .........0...............................................@......5.....`A........................................P................0...............0...!..............p............................................................................rdata..@...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-convert-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25056
                                                                                                                                                                                                                                        Entropy (8bit):4.647238720605179
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:3jQ/w8u4cy1WvhWb9WYnO/VWQ4SWANsAlosytkqnaj6Md:fy1WvhWhUNsilWMd
                                                                                                                                                                                                                                        MD5:0E35E369165875D3A593D68324E2B162
                                                                                                                                                                                                                                        SHA1:6A1FF3405277250A892B79FAED01DCDC9DBF864A
                                                                                                                                                                                                                                        SHA-256:14694879F9C3C52FBD7DDE96BF5D67B9768B067C80D5567BE55B37262E9DBD54
                                                                                                                                                                                                                                        SHA-512:D496F0C38300D0EED62B26A59C57463A1444A0C77A75C463014C5791371DECA93D1D5DD0090E8E324C6A09BD9CFF328F94947272CA49018C191C12732E805EE8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d....A............" .........@...............................................P......4.....`A........................................P................@...............@...!..............p............................................................................rdata..>........ ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-environment-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.454858890873412
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:PLGju+OXWvhW+eWYnO/VWQ4mWPiNbj21EhqnajKsxy:PLGjuJWvhWFUztqslGsxy
                                                                                                                                                                                                                                        MD5:DACF383A06480CA5AB70D7156AECAB43
                                                                                                                                                                                                                                        SHA1:9E48D096C2E81A7D979F3C6B94315671157206A1
                                                                                                                                                                                                                                        SHA-256:00F84C438AAB40500A2F2DF22C7A4EC147A50509C8D0CDAC6A83E4269E387478
                                                                                                                                                                                                                                        SHA-512:5D4146A669DDB963CF677257EC7865E2CFCB7960E41A38BBD60F9A7017474ED2F3291505FA407E25881CBF9E5E6B8055FF3BD891043284A0A04E3FE9CFAD9817
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d................." .........0...............................................@......w.....`A........................................P..."............0...............0...!..............p............................................................................rdata..r...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.950541424159939
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:RSnWlC0i5CtWvhWJKWYnO/VWQ4SWuMasxZAqnajT9CQMDt:RSnWm5CtWvhWWUyas/Al39ODt
                                                                                                                                                                                                                                        MD5:D725D87A331E3073BF289D4EC85BD04D
                                                                                                                                                                                                                                        SHA1:C9D36103BE794A802957D0A8243B066FA22F2E43
                                                                                                                                                                                                                                        SHA-256:30BCF934CBCC9ED72FF364B6E352A70A9E2AFA46ECEADEA5C47183CB46CFD16E
                                                                                                                                                                                                                                        SHA-512:6713FF954221C5DD835C15556E5FA6B8684FA7E19CE4F527A5892E77F322B3DAE7199A232040B89AD4A9575C8D9788D771892D2294F3C18DA45E643EB25FDB08
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d......0.........." .........0...............................................@............`A........................................P................0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-heap-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.591111522505104
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:PUFY17aFBRIWvhWrWYnO/VWQ4mWCJH2vArqnajKsbTYxj:8Q1WvhWLUrH24rlGsbTY5
                                                                                                                                                                                                                                        MD5:9151E83B4FDFA88353B7A97AE7792678
                                                                                                                                                                                                                                        SHA1:B46152E70D5D3D75D61D4CCDB50403BD08BB9354
                                                                                                                                                                                                                                        SHA-256:6C0E0D22B65329F4948FCF36C8048A54CCCCBF6C05B330B2C1A686F3E686EED0
                                                                                                                                                                                                                                        SHA-512:4D4210474957E656D821E1DC5934A4BFBF7E73DD61D696A1AB39914F887810C8FBE500DBB1E23782B40807F25820F35C9665E04DCDC2FD0F6C83046A4AECB86B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...G..d.........." .........0...............................................@............`A........................................P................0...............0...!..............p............................................................................rdata..f...........................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-locale-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.54281367075804
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:g8yWvhWVWYnO/VWQ4mWWeUDj21EhqnajKsxRIM9:gtWvhWFUtDqslGsxRIG
                                                                                                                                                                                                                                        MD5:EBC168D7D3EA7C6192935359B6327627
                                                                                                                                                                                                                                        SHA1:AECEB7C071CF1BB000758B6CEEBEFEEC91AD22BD
                                                                                                                                                                                                                                        SHA-256:C048A3D7AB951DCE1D6D3F5F497B50353F640A1787C6C65677A13C55C8E99983
                                                                                                                                                                                                                                        SHA-512:891D252ECD50BDED4614547758D5E301BDF8E71FBB1023FF89F8DE2F81927CC7CC84B98985D99E8FA8DCBF361E5117D9C625DC0D36983AFC3F2AA48A54CE3D48
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d....h\..........." .........0...............................................@......}.....`A........................................P...e............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-math-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29144
                                                                                                                                                                                                                                        Entropy (8bit):4.946641263598223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:MQM4Oe59Ckb1hgmLJWvhWdUN8HOhlxAnY:rMq59Bb1jeanOunY
                                                                                                                                                                                                                                        MD5:7A235962DBAB1E807C6EC7609FC76077
                                                                                                                                                                                                                                        SHA1:148DDD11A0D366313F75871007057B3F0485AB33
                                                                                                                                                                                                                                        SHA-256:F7C5D7394643C95FE14C07773A8A206E74A28DB125F9B3976F9E1C8C599F2AF1
                                                                                                                                                                                                                                        SHA-512:25B21EE7BB333E5E34D2B4A32D631A50B8FFAF1F1320D47C97C2A4DFF59FA2A2703CDF30638B46C800D3150EFAA4A2518C55E7B2A3B2E4273F43DD5CA83AE940
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...J..R.........." .........P...............................................`............`A........................................P....%...........P...............P...!..............p............................................................................rdata...&.......0..................@..@.data........@......................@....rsrc........P.......@..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-multibyte-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29136
                                                                                                                                                                                                                                        Entropy (8bit):4.764408242494898
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:VA/kPLPmIHJI6/CpG3t2G3t4odXLJWvhWSUwlmX7aJdlGszti:y/kjPmIHJI6AFc7aJGT
                                                                                                                                                                                                                                        MD5:B3B4A0F3FCE120318E71DE3AFB6BB1AA
                                                                                                                                                                                                                                        SHA1:D3349409EC717F942769BA67FECA40557C1423D0
                                                                                                                                                                                                                                        SHA-256:A38E6786DC8EC6D2717343DBE00BB2FDDA008D87935BBD9371AE94E7E004270B
                                                                                                                                                                                                                                        SHA-512:4A130674DDBB05949665F6F7A070B25E82C34047D1E62EC60C73F815CED39A9041D972BE4E8C505F9B13C5BCDC114F3479BF8D69D7D9CF9987D39A6F5DB7F560
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d....T............" .........P...............................................`............`A........................................P.... ...........P...............P...!..............p............................................................................rdata..D".......0..................@..@.data........@......................@....rsrc........P.......@..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-private-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):74192
                                                                                                                                                                                                                                        Entropy (8bit):5.1227875842071615
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:LLraHgDe5c4bFe2JyhcvxXWpD7d3334BkZnjPgB/P5W:baHgDe5c4bFe2JyhcvxXWpD7d3334Bkb
                                                                                                                                                                                                                                        MD5:7033AB91EA4F0593E4D6009D549E560F
                                                                                                                                                                                                                                        SHA1:4951CE111CA56994D007A9714A78CDADEEB0DACF
                                                                                                                                                                                                                                        SHA-256:BE7901AA1FACEA8E1FD74A62BDE54CC3BD8E898B52E76FABB70342B160989B80
                                                                                                                                                                                                                                        SHA-512:8BC3B880E31EBE3BC438A24D2AF249C95E320AC3C7A501027EF634F55AAB6FAC4F6D1090A00C29A44657A34EBADCD62023F2E947D31C192072698B645F8651ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d.....+..........." ................................................................e.....`A........................................P....................................!..............p............................................................................rdata..............................@..@.data...............................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-process-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.608840616484201
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4adyqjd7VWvhWpWYnO/VWQ4mWB8nXEKup3JdqnajKszt0CkD:4aQ0WvhWpUnX7aJdlGszt0r
                                                                                                                                                                                                                                        MD5:55463244172161B76546DC2DE37F42BD
                                                                                                                                                                                                                                        SHA1:C10A5360AD5E340D59C814E159EA1EFCBF5BF3EE
                                                                                                                                                                                                                                        SHA-256:4166A32551989F960DAC7C0E296FFB28092F45F6539E7C450FA04BF17612BE73
                                                                                                                                                                                                                                        SHA-512:EACEC78FF95F60DEF6F7F27BDA4A84F1DD2DFA386EFC4F6DA770C37268DF83C5B402693EA5C29F54D48026579F3843DB26ADD4D6448EA10CBF7F14D4D14A72FD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d....w>..........." .........0...............................................@......M.....`A........................................P...x............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25040
                                                                                                                                                                                                                                        Entropy (8bit):4.795732177662406
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:oHUW9MPrpJhhf4AN5/KiZWvhWMWYnO/VWQ4mWLz8Y5H2vArqnajKsbTYCkI:oHUZr7PWvhW6UeH24rlGsbTYCx
                                                                                                                                                                                                                                        MD5:27C4A3BCC0F1DBA2DE4C2242CD489F3B
                                                                                                                                                                                                                                        SHA1:A704FD91E3C67108B1F02FD5E9F1223C7154A9CC
                                                                                                                                                                                                                                        SHA-256:315DED39D9E157CEC05D83711C09858C23602857C9D8C88BEEF121C24C43BE84
                                                                                                                                                                                                                                        SHA-512:793E74DFB1052C06AB4C29E7B622C795CC3122A722382B103940B94E9DAC1E6CA8039DF48C558EFCC5D952A0660393AE2B11CED5ADE4DC8D5DD31A9F5BB9F807
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...4{.+.........." .........@...............................................P............`A........................................P...4............@...............@...!..............p............................................................................rdata........... ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-stdio-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25040
                                                                                                                                                                                                                                        Entropy (8bit):5.082770273323341
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:DA2uWYFxEpahrWvhW/nWYnO/VWQ4mWSmRkH2vArqnajKsbTYMlBzK:DIFVhrWvhWfUERkH24rlGsbTYx
                                                                                                                                                                                                                                        MD5:306608A878089CB38602AF693BA0485B
                                                                                                                                                                                                                                        SHA1:59753556F471C5BF1DFEF46806CB02CF87590C5C
                                                                                                                                                                                                                                        SHA-256:3B59A50457F6B6EAA6D35E42722D4562E88BCD716BAE113BE1271EAD0FEB7AF3
                                                                                                                                                                                                                                        SHA-512:21B626E619AAF4EDA861A9C5EDF02133C63ADC9E893F38FEDE72D90A6E8BE0E566C117A8A24CA4BAB77928083AE4A859034417B035E8553CC7CCFB88CB4CBD9C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...+b............" .........@...............................................P......'l....`A........................................P...a............@...............@...!..............p............................................................................rdata........... ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-string-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25040
                                                                                                                                                                                                                                        Entropy (8bit):5.075489018611419
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:dozmT5yguNvZ5VQgx3SbwA71IkFPaPA6XHPe:dozmT5yguNvZ5VQgx3SbwA71IAaP7XH2
                                                                                                                                                                                                                                        MD5:EC1381C9FDA84228441459151E7BADEA
                                                                                                                                                                                                                                        SHA1:DB2D37F3C04A2C2D4B6F9B3FD82C1BE091E85D2C
                                                                                                                                                                                                                                        SHA-256:44DDAB31C182235AC5405D31C1CBA048316CC230698E392A732AC941EC683BAD
                                                                                                                                                                                                                                        SHA-512:EE9EBBDC23E7C945F2B291FDE5EB68A42C11988182E6C78C0AB8FA9CB003B24910974A3291BCDAA0C8D1F9DFA8DF40293848FB9A16C4BE1425253BED0511A712
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d....w.e.........." .........@...............................................P......0.....`A........................................P................@...............@...!..............p............................................................................rdata../........ ..................@..@.data........0......................@....rsrc........@.......0..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-time-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):5.000234308172749
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:SNDKWvhW/WYnO/VWQ4mWVx2RoXEKup3JdqnajKsztg/J:RWvhWvUexqoX7aJdlGsztgx
                                                                                                                                                                                                                                        MD5:4CF70855444F38E1EB71F9C3CD1C6E86
                                                                                                                                                                                                                                        SHA1:D06AEC4008D397756EE841F0E7A435D1C05B5F07
                                                                                                                                                                                                                                        SHA-256:A409E25A9D3C252CC0A5AF9DF85D3733E946087B06CD1FB2CF1BF640EB0D49BA
                                                                                                                                                                                                                                        SHA-512:A13A80645E679343AC5638E8AA6A03012F16200CB3A4637BE52A01AA3BEF854324A8ED1882CA91B304B9C47B6351B1FC1671F4DEDE5BE77BC208A71FE6029064
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d.....p..........." .........0...............................................@............`A........................................P................0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-utility-l1-1-0.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):4.5308703760687745
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:6PjfHQduHWvhWjWYnO/VWQ4mWEwXBXEKup3JdqnajKsztqOT+:QfxWvhWjUoXBX7aJdlGsztqx
                                                                                                                                                                                                                                        MD5:FCD6B29932D6FB307964B2D3F94E6B48
                                                                                                                                                                                                                                        SHA1:BE560F8A63C8E36A7B3FA48FF384F99F69A5D4F7
                                                                                                                                                                                                                                        SHA-256:CFB2EE4E426BB00B76163C1A66CF8CFEF8D7450CBF9BBCE3BC9EB2053F51E0E5
                                                                                                                                                                                                                                        SHA-512:3EDFCF559F1E21870277358E6D266A1A0CEA68B163B11C73108F3B6A56006D20B51410A3B4EA39BF80906BF6C9D573E1072697CFCD6A3D37E3679EA54757C69F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.....v...v...v...~...v...v...v...r...v.....v...t...v.Rich..v.................PE..d...w............." .........0...............................................@............`A........................................P...^............0...............0...!..............p............................................................................rdata..............................@..@.data........ ......................@....rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clretwrc.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):304912
                                                                                                                                                                                                                                        Entropy (8bit):4.237308620636253
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:sQX9Xit++0PJSKtOJsgI3mwNdmLZ8mTQfsqxs0w:X9xacWIfsq6T
                                                                                                                                                                                                                                        MD5:7A6F920B2A26507F381C9926FF3955E9
                                                                                                                                                                                                                                        SHA1:3ACB49A2097FDC6DAB19D855CC9E926CEF2CC991
                                                                                                                                                                                                                                        SHA-256:ACC3E8888821897CFA2175C1B6FA244D3F8F3B9C19C7D10D13ABB2B5DBF0BD31
                                                                                                                                                                                                                                        SHA-512:300056DAF903C41155A9CC21FA50580F5730978B052BA3E1437DFFE21BA4BF8B85DD56BE64C4DAC38317497B5E06136CA7FF7FA2C569A79D93641A1ACCEC8DA9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j=.I.S.I.S.I.S..~..H.S..~Q.H.S.RichI.S.PE..d...0..f.........." .........|...........................................................`.......................................................... ..xx...........~...)..............T............................................................................rdata..X...........................@..@.rsrc...xx... ...z..................@..@....0..f........l...l...l.......0..f........................0..f........l...................................RSDSu{1^E..G...(.u......D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\clretwrc\clretwrc.pdb.............................T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... .......rsrc$01.....!..hw...rsrc$02....................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clrjit.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1436960
                                                                                                                                                                                                                                        Entropy (8bit):6.484129501687899
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:5Ltbu58TIu2rlMBDr0PZYRhVj95f1L7Zr5/z/5ccUYXIBXzkTVsHgWolUZbGfqfZ:5LtHAcX0PZuhVDh7ZN7/6YXIBjkBsHgA
                                                                                                                                                                                                                                        MD5:1B4D16976D164450EE4353CEAB9D2FB3
                                                                                                                                                                                                                                        SHA1:D23DA40ABDF340AD7EB4BDFE236A2958734B9187
                                                                                                                                                                                                                                        SHA-256:F3B3025DA537F2CDDCBEA252F3B9FD806059E1E780388AF1F17717A08A88B31D
                                                                                                                                                                                                                                        SHA-512:D542C07705357B4F14FECEBB741C1A350CFE4DC1D62E798FA3D2BE454B5F6F36C679382EEAAE870A19F0BD4CA0C17015C095B449B3FA8B2DE4110DDF134678D2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2.US..US..US..\+..YS...!..RS..US...S...&..tS...&..[S...&..\S...&..>S...&..TS...&y.TS...&..TS..RichUS..........................PE..d...a..f.........." .....,................................................... ............`A............................................t....................0..@....... )......|.......p....................k..(...@...8............@...............................text....*.......,.................. ..`.rdata.......@.......0..............@..@.data....<..........................@....pdata..@....0......................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..|...........................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\coreclr.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5125384
                                                                                                                                                                                                                                        Entropy (8bit):6.552501447077918
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:gRRteSC8CjfXq6EoB/CEsRfJSa3Ed9A6oWUqCJ0OTVRSpih8IdCdTWOwxJ4aXmnF:oRqXB/CEA8JspP8LK1XHy
                                                                                                                                                                                                                                        MD5:3BAD185FF9C97D6BF3721BB5FCF94C93
                                                                                                                                                                                                                                        SHA1:C58124BAF2437902C1D1F2F955160D0976775F85
                                                                                                                                                                                                                                        SHA-256:AEC87D2F91D6A44DBA90F9BDEB7B3509D5A2C322E29A17CF29BCCEAE9092B6D9
                                                                                                                                                                                                                                        SHA-512:38639C67D78491074BB755177849A4E54EF9DF77E6CDF2EBAE3049D121A8AAB0987D5B442728CB05CC3B392112D298F6469E5E8256037B1BD1AADF897887E79F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.*.Nuy.Nuy.Nuy.6.y.Nuyj<qx.Nuyj<tx.Nuy.Nty.Ouy.;px.Nuy.;qx.Nuy.;vx.Nuys;vx.Nuys;{xlOuys;ux.Nuys;.y.Nuys;wx.NuyRich.Nuy................PE..d......f.........." ......<...................................................O.......N...`A.........................................LI.D...TMI......`O...... K.8.....N..)...pO.Ta....>.p.....................?.(...p.=.8.............<......JI.`....................text...a.<.......<................. ..`.CLR_UEF\.....<.......<............. ..`.rdata........<.......<.............@..@.data... .....I..:...PI.............@....pdata..8.... K.......I.............@..@.didat..8.....N......hL.............@...Section.......N......jL.............@..._RDATA...3... N..4...lL.............@..@.rsrc........`O.......M.............@..@.reloc..Ta...pO..b....M.............@..B........................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\createdump.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58208
                                                                                                                                                                                                                                        Entropy (8bit):6.336737113725061
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:BIkf5nMEPz7omzpq/4Jw1AsDZq7v653eUu8su9WWD9zWVV:3n5tLX626u8b9WWpzWVV
                                                                                                                                                                                                                                        MD5:555F420D213590062A1EA6CCBA22FF93
                                                                                                                                                                                                                                        SHA1:1D0FCFAAE1FF46B8CC13AFF0BC8B23E8B6744061
                                                                                                                                                                                                                                        SHA-256:679EF868F8A1792862D066DE2E4A6DC2581F8EA1B449A27700D0ABD41F305840
                                                                                                                                                                                                                                        SHA-512:0CD0FEBCC0DE9F3C7A061FF667F9DCAA42708D12D94BB24C5452E7AFD81588AEB914FA9F7BADA471FBE35AAB86A329D22D00B7A7053EDC8BEAE24F8BE104E99C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l............uU.....x.....x.....x.................x.....x9.....x....Rich...........PE..d......f.........."......h...N.......).........@..........................................`....................................................................P.......`)......h.......T...............................8............................................text....f.......h.................. ..`.rdata...6.......8...l..............@..@.data...............................@....pdata..P...........................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\dbgshim.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):140552
                                                                                                                                                                                                                                        Entropy (8bit):6.417221597504487
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:/XY8Ja8dy1+iLfBcGPUZZceOiU8mJ/QQc962jqc413OygrxkwFOZiLazze:fLgDL+vU8mpcoOygrxk7Z1ne
                                                                                                                                                                                                                                        MD5:EB426FB0169349BD00996AD44A4DBCFB
                                                                                                                                                                                                                                        SHA1:E4310867F2A65106E8651B6896C6874C86DC5D9D
                                                                                                                                                                                                                                        SHA-256:7E71B48980907AD28B686454DBBD7AFFEB31EB5D0D483F10726318E78C2FA697
                                                                                                                                                                                                                                        SHA-512:CA18E9C294180E8B541E0B60EA1EA82F9E96E9FBD00512A183DF4FF02AC305572D7036C03CD222DE048E9D1F1AA3A8AC0CC479FEA21F8772F11CF62272EB8276
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@.......................+.......*.......-......./......./.{.....'......................,.....Rich....................PE..d...8..f.........." .....^..........P........................................P......b.....`A............................................(...(........0..........|........)...@..........p.......................(... ...8............p...............................text....\.......^.................. ..`.rdata..Tx...p...z...b..............@..@.data...............................@....pdata..|...........................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\hostpolicy.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):394504
                                                                                                                                                                                                                                        Entropy (8bit):6.310874586526877
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:HBGjtNkrBCdJeD1QL3sQy8XyV0l0gzPI37VPzBzrBUh9epO1BE/XW9X:HBGjtNkU/rsQy8XyxnQaO0XW9X
                                                                                                                                                                                                                                        MD5:E91B1F5F3C422A8FABD79B2AB60D7534
                                                                                                                                                                                                                                        SHA1:24EA312FFA45D6611A4A487F7BD8185BF9E62F56
                                                                                                                                                                                                                                        SHA-256:3F08B69309BFE4B910D35AE6739EE8F650CB94428AE546222038DECD7BF102F7
                                                                                                                                                                                                                                        SHA-512:8E8B028123A710661CDD68F46A789186E3D73E8946B92582695D8A006854C92994DEBCD461E723EBC04E62499903D617B5D7568F20D79452FAF2ACCB21086200
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ux.U..YU..YU..Y.a.X_..Y.a.X_..Y.a.X...Y\l.YG..Y.f.XP..YU..Y...Y.a.XH..Y.a.XT..Y.a.YT..Y.a.XT..YRichU..Y........PE..d......f.........." .....D...................................................@............`A............................................ ... ........ ..........$0.......)...0..........p.......................(.......8............`...............................text...,B.......D.................. ..`.rdata...F...`...H...H..............@..@.data...............................@....pdata..$0.......2..................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1320504
                                                                                                                                                                                                                                        Entropy (8bit):6.3740433775574274
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:I3ccAqMv7jLs0eJqwnSA/RSwn20qv6InSITDH4Pecta:I7s7jsjS4znnqyIn7TrRUa
                                                                                                                                                                                                                                        MD5:5D5D12336DA85008B37919C795C56607
                                                                                                                                                                                                                                        SHA1:30F93505D325EFB2674C5F18CBD7603C0544F0EA
                                                                                                                                                                                                                                        SHA-256:70252416E6CB744F36B84AA3834C0EE9DFC3527EE97133DDD6AED0A2F178201C
                                                                                                                                                                                                                                        SHA-512:CC913259E618514AB7C7779C846C36E394CEF0EEA344DB1B9DB90B796525CD9F53987D927FDA94B28AB5E73B68FB9F258FDB5FE041B32D59AFFCB4E444AAE8C4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......eK.!*..!*..!*..(R..+*..s_...*..s_...*..s_..+*...X..%*...X..**..!*..*..._..*..._.. *..._B. *..._.. *..Rich!*..........................PE..d...v..f.........." .....(...................................................P............`A............................................p...`........ .......`..........8&...0..P...`d..p....................f..(....d..8............@...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data....!...0......................@....pdata.......`.......*..............@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc..P....0......................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore_amd64_amd64_6.0.3524.45918.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1320504
                                                                                                                                                                                                                                        Entropy (8bit):6.3740433775574274
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:I3ccAqMv7jLs0eJqwnSA/RSwn20qv6InSITDH4Pecta:I7s7jsjS4znnqyIn7TrRUa
                                                                                                                                                                                                                                        MD5:5D5D12336DA85008B37919C795C56607
                                                                                                                                                                                                                                        SHA1:30F93505D325EFB2674C5F18CBD7603C0544F0EA
                                                                                                                                                                                                                                        SHA-256:70252416E6CB744F36B84AA3834C0EE9DFC3527EE97133DDD6AED0A2F178201C
                                                                                                                                                                                                                                        SHA-512:CC913259E618514AB7C7779C846C36E394CEF0EEA344DB1B9DB90B796525CD9F53987D927FDA94B28AB5E73B68FB9F258FDB5FE041B32D59AFFCB4E444AAE8C4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......eK.!*..!*..!*..(R..+*..s_...*..s_...*..s_..+*...X..%*...X..**..!*..*..._..*..._.. *..._B. *..._.. *..Rich!*..........................PE..d...v..f.........." .....(...................................................P............`A............................................p...`........ .......`..........8&...0..P...`d..p....................f..(....d..8............@...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data....!...0......................@....pdata.......`.......*..............@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc..P....0......................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordbi.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1268256
                                                                                                                                                                                                                                        Entropy (8bit):6.353781583662467
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:ZZdZVbcj9cSuINr2JeOayeFbpo7iE8o3c:LdZVbe9dNVOay8be7iTo3c
                                                                                                                                                                                                                                        MD5:04520F980CDAE284E8E277A5EEEEDDE0
                                                                                                                                                                                                                                        SHA1:553717161DB99170BF43A552F5ADE7D62D595C88
                                                                                                                                                                                                                                        SHA-256:0D2BAD6FB84641FB0C314A885A43659733A2FFE4FD30038D686D8943215085CD
                                                                                                                                                                                                                                        SHA-512:B6931CA1FB8E15E3EADA725477786CEFF1A5AC92A2BB6E6350BF826EB416E5E1CE1BB5F545C926EE86AC21B25F8B7569486F9A92E0BD237088482A9A5AE948A2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........g.jy4.jy4.jy4...4.jy4..|5.jy4..}5.jy4..z5.jy4'.}5.jy4'.x5.jy4.jx4:jy4>.z5.jy4>.p5.jy4>.y5.jy4>..4.jy4>.{5.jy4Rich.jy4................PE..d...o..f.........." .....n................................................................`A.........................................n..`....p.......`..........D....4.. &...p......`...p.......................(......8............................................text...5l.......n.................. ..`.rdata...............r..............@..@.data...x............t..............@....pdata..D...........................@..@_RDATA.......P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorlib.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58664
                                                                                                                                                                                                                                        Entropy (8bit):5.651805521522887
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:v8zO+8uP8x/A15A4HI4gJl01Qa7ICltVtYFClobY9zJQ+M:kzO+8uA/A15A4o4gJq1DI+tEi4QzmH
                                                                                                                                                                                                                                        MD5:FBB5BF650AAEA448D918B2CEFE709039
                                                                                                                                                                                                                                        SHA1:D9A7B45DD8F22D24089DE96559D3BAC4D431FA47
                                                                                                                                                                                                                                        SHA-256:060AEFDEBF10E01A664A63C4330137DA0C0CC9F01A82E1FB09981E0369A7D365
                                                                                                                                                                                                                                        SHA-512:F34556DBA9EA69FCE8BC2D0EB95AB16048EEC1603F7CC9107F4ADE445A0694FE35DF120D21A42DA44B2516839191912E29CDA88685E67F5E2AD02DC9CE98128D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<............." ..0.................. ........... ....................... ............`.................................l...O.......(...............()..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B........................H.......P .............................................................BSJB............v4.0.30319......l...pL..#~...L..._..#Strings............#US.........#GUID...........#Blob............T.........3....................................,.....*-.........#.M...&.M.....M...M....h..)...$'....".2.....2...&.2..v$.2... .2.....2.....2...$.2..x..2...1.S.....S..5..]...$.M.................L.....L.....L..)..L..1..L..9..L..A..L..I..L..Q..L..Y..L..a..L..i..L..q..L..y..L.....L ....L.....L..

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorrc.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):147120
                                                                                                                                                                                                                                        Entropy (8bit):3.8679598076564816
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ZtgZms10iHvh7x8SKJlZ4vCCk7nw55IvZ4MgSZctpoEXXRWfzy:ZtgZ/aSKlZ4ZGnwmUS4ScRg2
                                                                                                                                                                                                                                        MD5:354AF4403A04CA4CAF359981635D08D4
                                                                                                                                                                                                                                        SHA1:A447720776EE112E45E08CFF574123A54ABD4A08
                                                                                                                                                                                                                                        SHA-256:15B115DEC61C47C0C10C49E98513EA8E4C83A9E2FC1F562F30FDB2CC1F620643
                                                                                                                                                                                                                                        SHA-512:BAABAB57981A6E7476FD9716FDB34585A5AA443067E2BFAADB0A79F2F7AAFFA31DEAD4B5559E43327EA0E3AE4A89CF131245C6C5852334906D0CC465E51F2230
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j=.I.S.I.S.I.S..~..H.S..~Q.H.S.RichI.S.PE..d...8..f.........." .........................................................@......f.....`.......................................................... ..`................(..............T............................................................................rdata..X...........................@..@.rsrc...`.... ......................@..@....8..f........j...l...l.......8..f........................8..f........l...................................RSDS.v...lbG..}.c.......D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb...............................T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... .......rsrc$01.....;.......rsrc$02....................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\msquic.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):517032
                                                                                                                                                                                                                                        Entropy (8bit):6.327188439808119
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:DD4t2kjj3Ueh/9WoJcDSdiA9HuUrUb9KcvYCxe3Rw42SISaVGxQJyRMq1KsLGjrT:DDrkjjUoJcDSdiw4QcO3RoS9MV
                                                                                                                                                                                                                                        MD5:B5D0F85E7C820DB76EF2F4535552F03C
                                                                                                                                                                                                                                        SHA1:91EFF42F542175A41549BC966E9B249B65743951
                                                                                                                                                                                                                                        SHA-256:3D6D6E7A6F4729A7A416165BEABDA8A281AFFF082EBB538DF29E8F03E1A4741C
                                                                                                                                                                                                                                        SHA-512:5246EBEAF84A0486FF5ADB2083F60465FC68393D50AF05D17F704D08229CE948860018CBE880C40D5700154C3E61FC735C451044F85E03D78568D60DE80752F7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.................................................................................7...2......2......2.7....._....2......Rich............................PE..d.....Mb.........." .................E.......................................0.......H....`A........................................0y..|....y....... ..h........>.......'... ..........T...............................8............... ............................text...z........................... ..`.rdata...{.......|..................@..@.data...p2...........r..............@....pdata...>.......@...~..............@..@_RDATA..............................@..@.rsrc...h.... ......................@..@.reloc....... ......................@..B........................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):101640
                                                                                                                                                                                                                                        Entropy (8bit):5.506576792775679
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:XiTrnaN0HjO8MZYq5V4bgDHsPdPpwSJ5L3Akcg9Qjei+azJ:maN8qZYe4bgDUnNKjeu1
                                                                                                                                                                                                                                        MD5:24DE069D45146E3C9C58241640EBC228
                                                                                                                                                                                                                                        SHA1:7ADA4AFFD7F72B83888B9A2E6B6A3CA9F6A8498A
                                                                                                                                                                                                                                        SHA-256:3B9D2E148DA3B035B12DC0787F8C5B23EC502B2428F6593A1B5C65BF527A3D5C
                                                                                                                                                                                                                                        SHA-512:6136C2954C59BBC0B26CD8E99AA3A2523A62F9AC90F415F3E74206D638762BF5E46E8B9DD72FD30F50CFC1997F2F8BD9D09BA160ADE9B6D008BADA6B46CEFE3E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...xr..........." ..0..Z..........6x... ........... ..............................p.....`..................................w..O.......8............d...)...........w..T............................................ ............... ..H............text...<X... ...Z.................. ..`.rsrc...8............\..............@..@.reloc...............b..............@..B.................x......H.......P ..DV...................v......................................BSJB............v4.0.30319......l.......#~..,.......#Strings.....R......#US..R......#GUID....R..P...#Blob............T.........3................................U...(......H.........5*....;*....'8.........., A...7.J..P4*U..5#*U...:*U..n7*U..&1*U....*U.../*U..(7*U...(*U...T-..../-...i&....7*................./...../...../...)./...1./...9./...A./...I./...Q./...Y./...a./...i./...q./...y./...../. .../...../...

                                                                                                                                                                                                                                        C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\ucrtbase.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1122768
                                                                                                                                                                                                                                        Entropy (8bit):6.6466118295886165
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:CJG2BrB3ZQAq0AT2jS9HKHdK6AccMs1wmxvSZX0ypFi:0VGrT6SAk3ei
                                                                                                                                                                                                                                        MD5:3B337C2D41069B0A1E43E30F891C3813
                                                                                                                                                                                                                                        SHA1:EBEE2827B5CB153CBBB51C9718DA1549FA80FC5C
                                                                                                                                                                                                                                        SHA-256:C04DAEBA7E7C4B711D33993AB4C51A2E087F98F4211AEA0DCB3A216656BA0AB7
                                                                                                                                                                                                                                        SHA-512:FDB3012A71221447B35757ED2BDCA6ED1F8833B2F81D03AABEBD2CD7780A33A9C3D816535D03C5C3EDD5AAF11D91156842B380E2A63135E3C7F87193AD211499
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T...:K..:K..:K..K..:K..;K..:KK..K..:KK.:J..:KK.9J..:KK.?J..:KK.>J.:KK.4J..:KK..K..:KK.8J..:KRich..:K........PE..d................" .....0..........0^...............................................N....`A................................................................. ...........!...... .......p............................Z..8..............(............................text...X .......0.................. ..`.rdata......@.......@..............@..@.data....&....... ..................@....pdata....... ......................@..@.rsrc...............................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AteraAgent.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2402
                                                                                                                                                                                                                                        Entropy (8bit):5.362731083469072
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTHlH7:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4vwme
                                                                                                                                                                                                                                        MD5:28B4BFE9130A35038BD57B2F89847BAE
                                                                                                                                                                                                                                        SHA1:8DBF9D2800AB08CCA18B4BA00549513282B774A9
                                                                                                                                                                                                                                        SHA-256:19F498CAE589207075B8C82D7DACEAE23997D61B93A971A4F049DC14C8A3D514
                                                                                                                                                                                                                                        SHA-512:02100FD4059C4D32FBAAA9CEAACB14C50A4359E4217203B2F7A40E298AD819ED5469F2442291F12852527A2B7109CC5F7BFF7FDAD53BA5ABF75FC5F0474E984F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a

                                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):651
                                                                                                                                                                                                                                        Entropy (8bit):5.343677015075984
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                                                                                                                                                                        MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                                                                                                                                                                        SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                                                                                                                                                                        SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                                                                                                                                                                        SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..

                                                                                                                                                                                                                                        C:\Windows\Installer\3f511b.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2994176
                                                                                                                                                                                                                                        Entropy (8bit):7.87866697840517
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:W+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:W+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                        MD5:24551F611DD0042FB6F37C3556BE9328
                                                                                                                                                                                                                                        SHA1:6732520636B45264B3FE08CDDDB90E22E99AC40F
                                                                                                                                                                                                                                        SHA-256:7E3E97A19D93606583C07808E3B352D65BF7F316E4F97D4808CA0C3E3EFBADE3
                                                                                                                                                                                                                                        SHA-512:2660CC83A7CFD6EB0343497B1C944263790F1211EEC26F4CB81B582E82FBB6D260ECDF9741203C964D3D154F7F1397021EA7928E440A590750731387D347AB09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\3f511d.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2994176
                                                                                                                                                                                                                                        Entropy (8bit):7.87866697840517
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:W+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:W+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                        MD5:24551F611DD0042FB6F37C3556BE9328
                                                                                                                                                                                                                                        SHA1:6732520636B45264B3FE08CDDDB90E22E99AC40F
                                                                                                                                                                                                                                        SHA-256:7E3E97A19D93606583C07808E3B352D65BF7F316E4F97D4808CA0C3E3EFBADE3
                                                                                                                                                                                                                                        SHA-512:2660CC83A7CFD6EB0343497B1C944263790F1211EEC26F4CB81B582E82FBB6D260ECDF9741203C964D3D154F7F1397021EA7928E440A590750731387D347AB09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\3f511e.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: x64;1033, Revision Number: {911E9E2F-B38D-4D02-A148-5E49FC9D8943}, Create Time/Date: Wed Feb 28 10:52:04 2024, Last Saved Time/Date: Wed Feb 28 10:52:04 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2994176
                                                                                                                                                                                                                                        Entropy (8bit):7.878630966889847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:s+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oq1xMbY+K/tzQz:s+lUlz9FKbsodq0YaH7Z1xMb8tT
                                                                                                                                                                                                                                        MD5:5E90226ABB5A004B0B9DB9A9E67BAC21
                                                                                                                                                                                                                                        SHA1:34EB703055BAFA469A714F18C7F00E5098B764AF
                                                                                                                                                                                                                                        SHA-256:BE0C53481ED4CF3EC4D0AD16053CD18D6AAD8C349B8281F5F9B90B526420CEAE
                                                                                                                                                                                                                                        SHA-512:2676357D10AA76F09F2A1F691C7566D54E34B20716EDF1301B2D69C3E3400D0A70E7C1738AEA9A75334B384AB988CEA3A07B983C900AE32395285BE61673C288
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\3f512a.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: x64;1033, Revision Number: {911E9E2F-B38D-4D02-A148-5E49FC9D8943}, Create Time/Date: Wed Feb 28 10:52:04 2024, Last Saved Time/Date: Wed Feb 28 10:52:04 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2994176
                                                                                                                                                                                                                                        Entropy (8bit):7.878630966889847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:s+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oq1xMbY+K/tzQz:s+lUlz9FKbsodq0YaH7Z1xMb8tT
                                                                                                                                                                                                                                        MD5:5E90226ABB5A004B0B9DB9A9E67BAC21
                                                                                                                                                                                                                                        SHA1:34EB703055BAFA469A714F18C7F00E5098B764AF
                                                                                                                                                                                                                                        SHA-256:BE0C53481ED4CF3EC4D0AD16053CD18D6AAD8C349B8281F5F9B90B526420CEAE
                                                                                                                                                                                                                                        SHA-512:2676357D10AA76F09F2A1F691C7566D54E34B20716EDF1301B2D69C3E3400D0A70E7C1738AEA9A75334B384AB988CEA3A07B983C900AE32395285BE61673C288
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\3f512b.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Runtime - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Runtime - 6.0.35 (x64)., Template: x64;1033, Revision Number: {76657AF8-AF4E-4FA9-9A39-80AC267D9B11}, Create Time/Date: Fri Sep 20 22:46:46 2024, Last Saved Time/Date: Fri Sep 20 22:46:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27254784
                                                                                                                                                                                                                                        Entropy (8bit):7.993818546625114
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:393216:S9tkUbkbvqusHBmlh8dvMt0NDf8K/36n8lxjNnLBKopkJUjy/AlhxH169Dqnw+Oz:24qu1lMDf8Kyn83jNltkJ7JGnTOaTm
                                                                                                                                                                                                                                        MD5:D9F7AE6A57AF83B652711426C4834045
                                                                                                                                                                                                                                        SHA1:98D255AECDBFD1BAE9FF533D4C7E5DBE5D0E1833
                                                                                                                                                                                                                                        SHA-256:AF1319821632F2CEB79C61B4CA6EB53A6341FBA295C02716418216857AF7F4E0
                                                                                                                                                                                                                                        SHA-512:5C7DB8C0617125DEB27DE37B056FEEAEAF18585A12AD347A6E6C132AE438E1EB0F27180BC700BD8322E5D5A30E7CEFA62B123E7B0B9CD85E1B8605C0B195BE03
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\3f512e.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Runtime - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Runtime - 6.0.35 (x64)., Template: x64;1033, Revision Number: {76657AF8-AF4E-4FA9-9A39-80AC267D9B11}, Create Time/Date: Fri Sep 20 22:46:46 2024, Last Saved Time/Date: Fri Sep 20 22:46:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27254784
                                                                                                                                                                                                                                        Entropy (8bit):7.993818546625114
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:393216:S9tkUbkbvqusHBmlh8dvMt0NDf8K/36n8lxjNnLBKopkJUjy/AlhxH169Dqnw+Oz:24qu1lMDf8Kyn83jNltkJ7JGnTOaTm
                                                                                                                                                                                                                                        MD5:D9F7AE6A57AF83B652711426C4834045
                                                                                                                                                                                                                                        SHA1:98D255AECDBFD1BAE9FF533D4C7E5DBE5D0E1833
                                                                                                                                                                                                                                        SHA-256:AF1319821632F2CEB79C61B4CA6EB53A6341FBA295C02716418216857AF7F4E0
                                                                                                                                                                                                                                        SHA-512:5C7DB8C0617125DEB27DE37B056FEEAEAF18585A12AD347A6E6C132AE438E1EB0F27180BC700BD8322E5D5A30E7CEFA62B123E7B0B9CD85E1B8605C0B195BE03
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\3f512f.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host FX Resolver - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host FX Resolver - 6.0.35 (x64)., Template: x64;1033, Revision Number: {4E46258D-E612-40D6-A98B-8F64771E3561}, Create Time/Date: Fri Sep 20 22:45:38 2024, Last Saved Time/Date: Fri Sep 20 22:45:38 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):876544
                                                                                                                                                                                                                                        Entropy (8bit):6.764930942879866
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:2F1vYgTqU8VKIvZUlkj/cBhZeK4lu/XdmYw:Q/THWvZgkjcDefMFm
                                                                                                                                                                                                                                        MD5:D8BEAFDEDBD946A6A8FC665AF000ED79
                                                                                                                                                                                                                                        SHA1:2BFE61EADB6172CB71CEA0155A7304630B28B13E
                                                                                                                                                                                                                                        SHA-256:671E5EF4766CAC4AA479E7445F52892D1807F63269BDA8159A584C540FB56706
                                                                                                                                                                                                                                        SHA-512:2774D5A5158BCE463819DBC2DDC065DA502A1C6C75A800A815BEEB028C95000263F42B6E6012FC979A3A5AC51B9027B231685739F7A0D7043178762B1602A9B0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\3f5132.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host FX Resolver - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host FX Resolver - 6.0.35 (x64)., Template: x64;1033, Revision Number: {4E46258D-E612-40D6-A98B-8F64771E3561}, Create Time/Date: Fri Sep 20 22:45:38 2024, Last Saved Time/Date: Fri Sep 20 22:45:38 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):876544
                                                                                                                                                                                                                                        Entropy (8bit):6.764930942879866
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:2F1vYgTqU8VKIvZUlkj/cBhZeK4lu/XdmYw:Q/THWvZgkjcDefMFm
                                                                                                                                                                                                                                        MD5:D8BEAFDEDBD946A6A8FC665AF000ED79
                                                                                                                                                                                                                                        SHA1:2BFE61EADB6172CB71CEA0155A7304630B28B13E
                                                                                                                                                                                                                                        SHA-256:671E5EF4766CAC4AA479E7445F52892D1807F63269BDA8159A584C540FB56706
                                                                                                                                                                                                                                        SHA-512:2774D5A5158BCE463819DBC2DDC065DA502A1C6C75A800A815BEEB028C95000263F42B6E6012FC979A3A5AC51B9027B231685739F7A0D7043178762B1602A9B0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\3f5133.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host - 6.0.35 (x64)., Template: x64;1033, Revision Number: {C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}, Create Time/Date: Fri Sep 20 22:45:28 2024, Last Saved Time/Date: Fri Sep 20 22:45:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):811008
                                                                                                                                                                                                                                        Entropy (8bit):6.575095120429218
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:4gJcuBRFvqU8VKIvZUlkj/cBhZeK4lu/XdmYwh:46zBRlHWvZgkjcDefMFm
                                                                                                                                                                                                                                        MD5:C06D2181660306AE33B8D5E37DD4E98D
                                                                                                                                                                                                                                        SHA1:2B7F6A21BDB9E2414C3B13AA357C395512A86499
                                                                                                                                                                                                                                        SHA-256:D09C105D0C6E5D89D4E53499288135FF53AAAC76EE1E11470EC1AE49CC4A485E
                                                                                                                                                                                                                                        SHA-512:96205082A1C94370D7D4DA90C319A0D0E3AF8FB53B2A33097C86A0D8EC14963745A940E38FB31B68394847AA80467E41CA1B5F83685F25B779521676DBA1EA4C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\3f5136.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host - 6.0.35 (x64)., Template: x64;1033, Revision Number: {C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}, Create Time/Date: Fri Sep 20 22:45:28 2024, Last Saved Time/Date: Fri Sep 20 22:45:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):811008
                                                                                                                                                                                                                                        Entropy (8bit):6.575095120429218
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:4gJcuBRFvqU8VKIvZUlkj/cBhZeK4lu/XdmYwh:46zBRlHWvZgkjcDefMFm
                                                                                                                                                                                                                                        MD5:C06D2181660306AE33B8D5E37DD4E98D
                                                                                                                                                                                                                                        SHA1:2B7F6A21BDB9E2414C3B13AA357C395512A86499
                                                                                                                                                                                                                                        SHA-256:D09C105D0C6E5D89D4E53499288135FF53AAAC76EE1E11470EC1AE49CC4A485E
                                                                                                                                                                                                                                        SHA-512:96205082A1C94370D7D4DA90C319A0D0E3AF8FB53B2A33097C86A0D8EC14963745A940E38FB31B68394847AA80467E41CA1B5F83685F25B779521676DBA1EA4C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI1057.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI11A0.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2805
                                                                                                                                                                                                                                        Entropy (8bit):5.772340074544582
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:DLgodt08v2Oh0giUHMb6P3q2Ym1kLD8SuhJB4yKeU1DrnBDZk3EVltibVq:DLgodtfO40YHP2YSYJCZe63BDZk3EPQI
                                                                                                                                                                                                                                        MD5:5B06BC630AC1ABF9443447CB9E1EF6E6
                                                                                                                                                                                                                                        SHA1:C7CC732A59EA70EF6F8D303AB47CF728341E451B
                                                                                                                                                                                                                                        SHA-256:C85DF6C9B9F03E902980CE3F1AF46265E8D4F80A71D8F00E4D8F43FD2AC69A30
                                                                                                                                                                                                                                        SHA-512:454C55E6E655D6C97228EB95A64CB54839604238C0AA10173D72BC374086A684618516EC06FBDC7CB63EB8B4D07AC03213600A722276C6E9C4E9B520ECFB775A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}..Microsoft .NET Host FX Resolver - 6.0.35 (x64)!.dotnet-hostfxr-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{4E46258D-E612-40D6-A98B-8F64771E3561}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{E3262256-B959-50C5-91BD-D2C1656236F1}W.02:\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.140.21458_x64\Version.@.......@.....@.....@......&.{B59DD035-01D3-57CD-A06D-224838439FEA}3.C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dll.@.......@.....@.....@......&.{8EC524B8-7864-5ACE-B320-2D36216EBC12}?.02:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\hostfxr\Version.@.......@.....@.....@........InstallFiles..Copying new files&.File: [1], Dir

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI1337.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI152C.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI1665.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4254
                                                                                                                                                                                                                                        Entropy (8bit):5.72283888692679
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:xILmgjdqJLaU3gtEVPQHLxgemt3tFbSuce6tqDDkrQEPbdBZ:xM3qEUweUePJLSuce6HkWbF
                                                                                                                                                                                                                                        MD5:8C220F677EAF11F8C7AB3A9A0F5FE2BE
                                                                                                                                                                                                                                        SHA1:7E8C6ECAD31CAA6464131B745120424617FC91DD
                                                                                                                                                                                                                                        SHA-256:12C2269168893E16A6AFAB347F024690C31A57DE017A7A9F318BB35B84089E9F
                                                                                                                                                                                                                                        SHA-512:6E8C716ACFF8FECD78FCC852381EB0A94A516D9139DC3C362CF6775B3211061E59BB8469EF969F939B31CED95BFC44EE2FA4B9C863607ADB90B436CF8DDBC761
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}".Microsoft .NET Host - 6.0.35 (x64)..dotnet-host-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{3AB1371A-161F-5BD9-98C8-F9BF7A103CA5}X.02:\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\Version.@.......@.....@.....@......&.{45399BBB-DDA5-4386-A2E9-618FB3C54A18}".C:\Program Files\dotnet\dotnet.exe.@.......@.....@.....@......&.{EA9C3F98-F9B1-5212-8980-CFEAF2B15E0D}B.22:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost\Version.@.......@.....@.....@......&.{E4E008C8-57A8-5040-BB34-03024B15B6C5}?.02:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI1C04.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI1D6C.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI1EF4.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):714
                                                                                                                                                                                                                                        Entropy (8bit):5.483186386776121
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:EgNsJ0LBbNQBG+30gBRxKdvzj//l30gBRP/fNEhHmX/qHXZNDUSEMszVltNnDwN7:W0LBCBG+3tRxKd7jV3tRSQXkXZIMEVl6
                                                                                                                                                                                                                                        MD5:20ABC19A304E6C1A4154FC60BFD3590D
                                                                                                                                                                                                                                        SHA1:BC857E307DD727EE538C37936EC39988641B229A
                                                                                                                                                                                                                                        SHA-256:2C1E01FCF42162902F6482F0B18B8D75BBB60E24207B1B638CA58BA87F5DCE32
                                                                                                                                                                                                                                        SHA-512:EFA03E8EFF6DA9FFD3E3738C9CFFDD35A3FBFCE8899B1DED896A1C696C70B34A08D1E75845B9837A250393E33CA8AD7FA65511E1537B4052DB26E350B08AB6B1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}%.Microsoft .NET Runtime - 6.0.35 (x64)!.dotnet-runtime-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{76657AF8-AF4E-4FA9-9A39-80AC267D9B11}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........RegisterProduct..Registering product..[1]i...0......PublishProduct..Publishing product information.......@.....@.....@......&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}Q.C:\ProgramData\Package Cache\{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}v48.140.21458\...@.....@.....@....

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI1F82.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI21D4.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI231D.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):732
                                                                                                                                                                                                                                        Entropy (8bit):5.490155869325782
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:EgNsJ0LB3K30/WRvqdiUvDQj//430/WRP/fNEhHmX/qHXZNDUSEMszVltNnjmpWy:W0LB63fRvqd1v0jo3fRSQXkXZIMEVlta
                                                                                                                                                                                                                                        MD5:B172504B39DDF66139BC072C9D666E67
                                                                                                                                                                                                                                        SHA1:F89A4DA99FFE05118C8CE06E0D58AD593CF79A38
                                                                                                                                                                                                                                        SHA-256:69CCCB118D245E17DFDCB50CF21286CAA99214B60CA34213F56D408479560BEA
                                                                                                                                                                                                                                        SHA-512:8D4B6DD314877C65508D86B1F40506789E3E59BE5950C924089503D97A1AC4D2F5C95D911507A85D950FB5446681F789331E8141DA0D0816DFBAC88A6B802C60
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}..Microsoft .NET Host FX Resolver - 6.0.35 (x64)!.dotnet-hostfxr-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{4E46258D-E612-40D6-A98B-8F64771E3561}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........RegisterProduct..Registering product..[1]i...0......PublishProduct..Publishing product information.......@.....@.....@......&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}Q.C:\ProgramData\Package Cache\{E91F8AC1-4917-455E-AACA-B40B193C7A62}v48.140.21458\...@.....@.....@....

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI238C.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI26AA.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI2718.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):705
                                                                                                                                                                                                                                        Entropy (8bit):5.453032346703355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:EgYo0LBc8IeDfz304hR4CdqRHtvyIcj//s304hRP/fNEhHmX/qHXZNDUSEMszVlW:30LBcg3/R4CdqvyIcjc3/RSQXkXZIMEu
                                                                                                                                                                                                                                        MD5:AB83F19680759A8C10F7A80348F9BF25
                                                                                                                                                                                                                                        SHA1:10694B73E4E806435804A25E05D1CE648EFFE25D
                                                                                                                                                                                                                                        SHA-256:6F8FD6112EF622801861A5764AEACAFB2AC710A64D0E179C66B9BF7D25507CA1
                                                                                                                                                                                                                                        SHA-512:C8641002309C865527051ABEEFF52F2C23410CB8F91F43044309FD775315DD77A1C4A4CFE9CEB010E62744675563B7B405A21088FB9471D9F0849FCB08DDE786
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.=hY.@.....@.....@.....@.....@.....@......&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}".Microsoft .NET Host - 6.0.35 (x64)..dotnet-host-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........RegisterProduct..Registering product..[1]i...0......PublishProduct..Publishing product information.......@.....@.....@......&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}Q.C:\ProgramData\Package Cache\{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}v48.140.21458\...@.....@.....@....

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI2786.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI52D0.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):521954
                                                                                                                                                                                                                                        Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                        MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                        SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                        SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                        SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................S#....@.........................0}...*......x.......d.......................4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...d...........................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI52D0.tmp-\AlphaControlAgentInstallation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25600
                                                                                                                                                                                                                                        Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                        MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                        SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                        SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                        SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI52D0.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R..e.........." ..0..Z..........Bx... ........... ....................................`..................................w..O....................................v............................................... ............... ..H............text...HX... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B................$x......H........5...A............................................................(....r...p(.....s....o....,.r;..p(....(.... ....*r...p(.....*..0..M........(....r...p(.....s@...oA...,$(H...-..s'...r...pr;..p.o(.....o....r[..p(.....*....0..N........(....r...p(.....o....r...p..o....,..,..~.....o....,..*.s+...o,...r...p(.....*..(....r...p(.....s>...o?...rE..p(.....*..(....rm..p(.....s'...r...p..o(...r...p(.....*..(....r...p(.....s'...r...p..o(...r;..p(.....*..(....r]..p(.....s'...r...p

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI52D0.tmp-\CustomAction.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1538
                                                                                                                                                                                                                                        Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                        MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                        SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                        SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                        SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI52D0.tmp-\Microsoft.Deployment.WindowsInstaller.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.].........." ..0...... ......z.... ........... ....................................@.................................(...O................................................................................... ............... ..H............text....w... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI52D0.tmp-\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):711952
                                                                                                                                                                                                                                        Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                        MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                        SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                        SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                        SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ............`.....................................O......................../.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI52D0.tmp-\System.Management.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):61448
                                                                                                                                                                                                                                        Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                        MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                        SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                        SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                        SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....bP.........." ..................... .........c. ....................... ......>.....`.....................................O.......\................>........................................................... ............... ..H............text........ ...................... ..`.rsrc...\...........................@..@.reloc..............................@..B........................H........"..`...........D....".......................................................................................0...............0.......................................................................0...............................................................................................................................................0...............0...................................................0...............0..............................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI591B.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):521954
                                                                                                                                                                                                                                        Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                        MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                        SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                        SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                        SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................S#....@.........................0}...*......x.......d.......................4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...d...........................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI591B.tmp-\AlphaControlAgentInstallation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25600
                                                                                                                                                                                                                                        Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                        MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                        SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                        SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                        SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI591B.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI591B.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R..e.........." ..0..Z..........Bx... ........... ....................................`..................................w..O....................................v............................................... ............... ..H............text...HX... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B................$x......H........5...A............................................................(....r...p(.....s....o....,.r;..p(....(.... ....*r...p(.....*..0..M........(....r...p(.....s@...oA...,$(H...-..s'...r...pr;..p.o(.....o....r[..p(.....*....0..N........(....r...p(.....o....r...p..o....,..,..~.....o....,..*.s+...o,...r...p(.....*..(....r...p(.....s>...o?...rE..p(.....*..(....rm..p(.....s'...r...p..o(...r...p(.....*..(....r...p(.....s'...r...p..o(...r;..p(.....*..(....r]..p(.....s'...r...p

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI591B.tmp-\CustomAction.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1538
                                                                                                                                                                                                                                        Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                        MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                        SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                        SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                        SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI591B.tmp-\Microsoft.Deployment.WindowsInstaller.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.].........." ..0...... ......z.... ........... ....................................@.................................(...O................................................................................... ............... ..H............text....w... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI591B.tmp-\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):711952
                                                                                                                                                                                                                                        Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                        MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                        SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                        SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                        SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ............`.....................................O......................../.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI591B.tmp-\System.Management.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):61448
                                                                                                                                                                                                                                        Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                        MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                        SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                        SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                        SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....bP.........." ..................... .........c. ....................... ......>.....`.....................................O.......\................>........................................................... ............... ..H............text........ ...................... ..`.rsrc...\...........................@..@.reloc..............................@..B........................H........"..`...........D....".......................................................................................0...............0.......................................................................0...............................................................................................................................................0...............0...................................................0...............0..............................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI6D01.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):521954
                                                                                                                                                                                                                                        Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                        MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                        SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                        SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                        SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................S#....@.........................0}...*......x.......d.......................4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...d...........................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI6D01.tmp-\AlphaControlAgentInstallation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25600
                                                                                                                                                                                                                                        Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                        MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                        SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                        SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                        SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI6D01.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R..e.........." ..0..Z..........Bx... ........... ....................................`..................................w..O....................................v............................................... ............... ..H............text...HX... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B................$x......H........5...A............................................................(....r...p(.....s....o....,.r;..p(....(.... ....*r...p(.....*..0..M........(....r...p(.....s@...oA...,$(H...-..s'...r...pr;..p.o(.....o....r[..p(.....*....0..N........(....r...p(.....o....r...p..o....,..,..~.....o....,..*.s+...o,...r...p(.....*..(....r...p(.....s>...o?...rE..p(.....*..(....rm..p(.....s'...r...p..o(...r...p(.....*..(....r...p(.....s'...r...p..o(...r;..p(.....*..(....r]..p(.....s'...r...p

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI6D01.tmp-\CustomAction.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1538
                                                                                                                                                                                                                                        Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                        MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                        SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                        SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                        SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI6D01.tmp-\Microsoft.Deployment.WindowsInstaller.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.].........." ..0...... ......z.... ........... ....................................@.................................(...O................................................................................... ............... ..H............text....w... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI6D01.tmp-\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):711952
                                                                                                                                                                                                                                        Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                        MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                        SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                        SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                        SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ............`.....................................O......................../.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI6D01.tmp-\System.Management.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):61448
                                                                                                                                                                                                                                        Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                        MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                        SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                        SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                        SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....bP.........." ..................... .........c. ....................... ......>.....`.....................................O.......\................>........................................................... ............... ..H............text........ ...................... ..`.rsrc...\...........................@..@.reloc..............................@..B........................H........"..`...........D....".......................................................................................0...............0.......................................................................0...............................................................................................................................................0...............0...................................................0...............0..............................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI71D5.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):437320
                                                                                                                                                                                                                                        Entropy (8bit):6.648077916254667
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ct3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4KsH:szOE2Z34KGzOE2Z34KG
                                                                                                                                                                                                                                        MD5:B439447BED4E2A8ED9CC2B1DE1D22F9A
                                                                                                                                                                                                                                        SHA1:2B4BBD700BA1630539A77D053F268F4D349A3191
                                                                                                                                                                                                                                        SHA-256:30A1273FF6ECECBE3A54DAF4499624D1F365D49808A5D771DC1BE248F2DB1EC4
                                                                                                                                                                                                                                        SHA-512:EE54AD37C168B6E3C3DE7D2CFF3100A089B63CAB6D839CF1538EF07B7F88D2EB530EBAE8EC685BDAA35816809D095667C0A029102AA75F8D7B98E3D7E106EE40
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI71D5.tmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.<hY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..gaYiWz75kv.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[...................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI71D6.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):216496
                                                                                                                                                                                                                                        Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI7273.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):216496
                                                                                                                                                                                                                                        Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI735E.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):216496
                                                                                                                                                                                                                                        Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI8958.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):521954
                                                                                                                                                                                                                                        Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                        MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                        SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                        SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                        SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................S#....@.........................0}...*......x.......d.......................4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...d...........................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI8958.tmp-\AlphaControlAgentInstallation.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25600
                                                                                                                                                                                                                                        Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                        MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                        SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                        SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                        SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI8958.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI8958.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R..e.........." ..0..Z..........Bx... ........... ....................................`..................................w..O....................................v............................................... ............... ..H............text...HX... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B................$x......H........5...A............................................................(....r...p(.....s....o....,.r;..p(....(.... ....*r...p(.....*..0..M........(....r...p(.....s@...oA...,$(H...-..s'...r...pr;..p.o(.....o....r[..p(.....*....0..N........(....r...p(.....o....r...p..o....,..,..~.....o....,..*.s+...o,...r...p(.....*..(....r...p(.....s>...o?...rE..p(.....*..(....rm..p(.....s'...r...p..o(...r...p(.....*..(....r...p(.....s'...r...p..o(...r;..p(.....*..(....r]..p(.....s'...r...p

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI8958.tmp-\CustomAction.config

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1538
                                                                                                                                                                                                                                        Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                        MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                        SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                        SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                        SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI8958.tmp-\Microsoft.Deployment.WindowsInstaller.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):184240
                                                                                                                                                                                                                                        Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                        MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                        SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                        SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                        SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.].........." ..0...... ......z.... ........... ....................................@.................................(...O................................................................................... ............... ..H............text....w... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI8958.tmp-\Newtonsoft.Json.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):711952
                                                                                                                                                                                                                                        Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                        MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                        SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                        SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                        SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.}..........." ..0.................. ........... ....................... ............`.....................................O......................../.............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......d....9..................h.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI8958.tmp-\System.Management.dll

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):61448
                                                                                                                                                                                                                                        Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                        MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                        SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                        SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                        SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....bP.........." ..................... .........c. ....................... ......>.....`.....................................O.......\................>........................................................... ............... ..H............text........ ...................... ..`.rsrc...\...........................@..@.reloc..............................@..B........................H........"..`...........D....".......................................................................................0...............0.......................................................................0...............................................................................................................................................0...............0...................................................0...............0..............................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI8A01.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):521954
                                                                                                                                                                                                                                        Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                        MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                        SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                        SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                        SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................S#....@.........................0}...*......x.......d.......................4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...d...........................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI8EF3.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):521954
                                                                                                                                                                                                                                        Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                        MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                        SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                        SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                        SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................S#....@.........................0}...*......x.......d.......................4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...d...........................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSI9C62.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):521954
                                                                                                                                                                                                                                        Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                        MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                        SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                        SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                        SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................S#....@.........................0}...*......x.......d.......................4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...d...........................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIA750.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):435966
                                                                                                                                                                                                                                        Entropy (8bit):6.651494499694154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ot3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4Kse:AzOE2Z34KGzOE2Z34K5
                                                                                                                                                                                                                                        MD5:F4B9C5C03482A96D0EF0F99633E76CA7
                                                                                                                                                                                                                                        SHA1:89AFA371F1221FDA2512ADD9D0314BE64767CAF3
                                                                                                                                                                                                                                        SHA-256:7A8316A1D00D22C4F8CEE3F1FBBB0979993F44B4890035A8121B5493723F94FB
                                                                                                                                                                                                                                        SHA-512:6A35629B8BB01B3D1C72DEAC228563DE60E462B1BC7AFDB06025214018E1DA1FCC93BF6F3E458E2571F08EAF31C62E7BA7785AD60F932571BC023ADDA7610980
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIA750.tmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.<hY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..gaYiWz75kv.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........InstallInitialize......&.{18F64F52-CE08-434F-A5F1-7A8A39D59EEA}....&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}c.&.{18F64F52-CE08-434F-A5F1-7A8A39D59EEA}............StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@....................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIA770.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):216496
                                                                                                                                                                                                                                        Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIA9F1.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):216496
                                                                                                                                                                                                                                        Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIAA9E.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):216496
                                                                                                                                                                                                                                        Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIC28C.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):437217
                                                                                                                                                                                                                                        Entropy (8bit):6.647798071705752
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:Jt3jOZy2KsGU6a4Kspt3jOZy2KsGU6a4KsNm:nzOE2Z34K+zOE2Z34Kem
                                                                                                                                                                                                                                        MD5:3356B8A392582B002BE1C9BDF42FF540
                                                                                                                                                                                                                                        SHA1:6C00C9ABC25EC1C9B851A209850A29AA3F29D360
                                                                                                                                                                                                                                        SHA-256:89F7883919227993C1C951380BA5B7CD586B58961BB0DC98DFD0BD3F8D8EAB3F
                                                                                                                                                                                                                                        SHA-512:5055E5E08B9C3D50F4D240C8CFD7BBF6FE57525FC895DB9B521A781655085BD4C54E7612140B9FD180DEC64C99CF7C02046624D162D10D2F2DF0F1E21DEF7334
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIC28C.tmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.<hY.@.....@.....@.....@.....@.....@......&.{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}..AteraAgent..ateraAgentSetup64_1_8_7_2.msi.@.....@.....@.....@........&.{911E9E2F-B38D-4D02-A148-5E49FC9D8943}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[....

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIC28D.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):216496
                                                                                                                                                                                                                                        Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIC369.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):216496
                                                                                                                                                                                                                                        Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIC3C8.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):216496
                                                                                                                                                                                                                                        Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSICB0C.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):521954
                                                                                                                                                                                                                                        Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                        MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                        SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                        SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                        SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................S#....@.........................0}...*......x.......d.......................4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...d...........................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIDBE6.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIDD5E.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):84904
                                                                                                                                                                                                                                        Entropy (8bit):5.644759289375035
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:gfsMvnDNVt3Hss+bEQjDhvBfHkuMfw9HcISmiWessgt7S2tsMv2XsP4G3IJ7k3NQ:msMvnnN+bx3IW3u
                                                                                                                                                                                                                                        MD5:68CC525F99DE26593CE314AC6FF857E3
                                                                                                                                                                                                                                        SHA1:69522D30A01C74204439ACFE7C2E69DE60FD112D
                                                                                                                                                                                                                                        SHA-256:6C6A774647B4EC4E7379678999C802EAA70812C391B61CEB2ECBB48EF594A67F
                                                                                                                                                                                                                                        SHA-512:8D69E11C7CDAEBC77390FC3EE02D00BD27AA8B3623ECB3374B0F03885E0B1BE28F80D2B62F8E8B549E0EABD1685D664B34653497508701594D15349942E70B6A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...@IXOS.@.....@.<hY.@.....@.....@.....@.....@.....@......&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}%.Microsoft .NET Runtime - 6.0.35 (x64)!.dotnet-runtime-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{76657AF8-AF4E-4FA9-9A39-80AC267D9B11}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{BCDE6883-BAB7-54AB-B504-D8C3F75FDB2A}S.02:\Software\Classes\Installer\Dependencies\dotnet_runtime_48.140.21458_x64\Version.@.......@.....@.....@......&.{F621578B-E081-5FC4-B0C5-A151B816DC51}D.C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\.version.@.......@.....@.....@......&.{B0658A77-9697-57AB-AEF0-C49F5788A264}^.C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dll.@.......@.....@.....@......&.{120A93F0-81ED-50CA-84

                                                                                                                                                                                                                                        C:\Windows\Installer\MSIEBF.tmp

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):250736
                                                                                                                                                                                                                                        Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                        MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                        SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                        SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                        SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....V...V...V:i.W...V:i.WR..V.q.W...V.q.W...V.q.W...V:i.W...V:i.W...V:i.W...V...V&..Vup.W...Vup.W...VupFV...V...V...Vup.W...VRich...V................PE..L......e...........!.....<...X......Q........P...........................................@..........................G.......L..........x............|..pW...........<..T............................<..@............P..0............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data...4$...`.......N..............@....rsrc...x............X..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\SourceHash{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.1726669473570803
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:JSbX72FjCAGiLIlHVRpIh/7777777777777777777777777vDHFzTPrfWrl0i8Q:JEQI5wBTr/F
                                                                                                                                                                                                                                        MD5:EDF048350534F1191E4A5B293C809AB5
                                                                                                                                                                                                                                        SHA1:5A00F83515C50FBBBE259D21FCBC0F2B06C8E3DC
                                                                                                                                                                                                                                        SHA-256:2E3188C5004B83A1E18306B261C9917E67B851572E092A83102D5BBAEE6E00D0
                                                                                                                                                                                                                                        SHA-512:AAABC1C8431D902CD9A0E1CF33239781206873B2C7A0DF6B285116DEFE12D9E8B1214A0CB5BE9E6A77F912CE62EC203F279978E6F2836B6220BEB04AD5B7B04D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\SourceHash{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.1725906748841228
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:JSbX72FjMRAGiLIlHVRpph/7777777777777777777777777vDHFw6CbWl0i8Q:JwQI5d5CXF
                                                                                                                                                                                                                                        MD5:1A1BB38BB25BBF86B361D4A8004BB40B
                                                                                                                                                                                                                                        SHA1:9B587A8425260DDB04AE338992864CBF23DFAA7A
                                                                                                                                                                                                                                        SHA-256:289A4C028C2720DA504A2D60BD123E15E87D41E047F0DACF56ADE51F42C7B808
                                                                                                                                                                                                                                        SHA-512:DA6070B24F115F6AD152435AC4C8C716CB23236908DB9DE8C5B3A37ACAA2DB8728DB2E01FBF92F7A5A188186136054C08B9937633C41A3A2B30EF41220A5D44B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\SourceHash{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.1750224213489382
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:JSbX72FjSAGiLIlHVRpUh/7777777777777777777777777vDHFxgIjNxKR/Xl0G:JUQI5E5NxKJ6F
                                                                                                                                                                                                                                        MD5:2C0AC0A1D0543AE66A10B562FAC8CEF7
                                                                                                                                                                                                                                        SHA1:CEF27DC92030E299A70080F1E8998F699B33B7B5
                                                                                                                                                                                                                                        SHA-256:9666C3E872E35003909A50FB28796B2583573A8D24F712301E3FDEA1FFE52B6A
                                                                                                                                                                                                                                        SHA-512:99CBF17440AE116A807D438127C04577B8DAD3F8B62C630AF0B5064287F4FEE4785E7C527EF4478C2F9060991EC257ECD66BD35D58888A5A3ED716DC7E295A09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.1648911594796059
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:JSbX72FjkKQAGiLIlHVRpZh/7777777777777777777777777vDHFfAJua9AFbiV:JaKQQI5t87iF
                                                                                                                                                                                                                                        MD5:95D0F59FEC359CD43B35C3341CCA66AC
                                                                                                                                                                                                                                        SHA1:8B5A07528B2999B1B96416C10C25254313FDD07F
                                                                                                                                                                                                                                        SHA-256:23C0DFCD2C1F69C9AEAF0F652B34F7C1D63C9C9C5CBCCF7D38FDDDCAD847097F
                                                                                                                                                                                                                                        SHA-512:B41C2FE569643853D0AF53FED0653384F6E43DC5543A25FAD60A22A9BBEEC05B464AF047AAE89428D10EF90DB0AF5E6E4A60759D5A2AEC999D884C25C654F962
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\SourceHash{E91F8AC1-4917-455E-AACA-B40B193C7A62}

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.1745049397699385
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:JSbX72FjAAGiLIlHVRpUh/7777777777777777777777777vDHFjfIaqR/Xl0i8Q:JyQI5ElIaqJ6F
                                                                                                                                                                                                                                        MD5:73ECD00E37308ED0D66E961A48061D49
                                                                                                                                                                                                                                        SHA1:5B6F14E0F4EBAE3F1BC2B20610454D67187CAE75
                                                                                                                                                                                                                                        SHA-256:E18C51938A861580821439A34DADA3E3FD5A5EAFBB775EB492F5A3DB9D680608
                                                                                                                                                                                                                                        SHA-512:6B11F69A4C2E4183F6E907D71821B285B0060E52A90A1297BA1FBC0069B9C7AD2C4D1986254E349A36C69ECD3CF06F5E9C211F924FE235AA8DC1C735DC02AABC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.6075139429602279
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:28Ph4uRc06WXzAFT5OBddWxxOSjndd4d/EqdpADgbQKSsndd4dNWeUJC:Jh411FTIdWx09Z/NXe9
                                                                                                                                                                                                                                        MD5:A8F96EDEF5C00506B0B320B04913799B
                                                                                                                                                                                                                                        SHA1:A098B0AA17B96694CEB1E6881F5E58C63C9FC5EE
                                                                                                                                                                                                                                        SHA-256:4F29A55CE67DA9E79BDAF54E433DE4EBF8A6F93107CB520B0D2FA853A491E7AD
                                                                                                                                                                                                                                        SHA-512:155C4A8414B80672CA4F3891BF3BEE4EA8E004A64DEAC51497CB359BFFA25CCDA650792125BE42D3EC5A5183FCCE9CB592041F5323DCD57FED26C2CCED046C0C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):364484
                                                                                                                                                                                                                                        Entropy (8bit):5.3655081876758075
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauE:zTtbmkExhMJCIpE3
                                                                                                                                                                                                                                        MD5:0048621EDB0F23575845B8E4CD8A85A0
                                                                                                                                                                                                                                        SHA1:4F509F72CFD26E045356A04FB9E409588D59E3E9
                                                                                                                                                                                                                                        SHA-256:BAC40BE7F38AB442BD37FB5A3DE8AF7D71384A77E3CB19DA1140E9A183B8F0DD
                                                                                                                                                                                                                                        SHA-512:02FFB9C2E9B71DAC51CE3B028074852385A454FB6FECA393F90A5A4C66F6618733A7FF7FFFEEB9DF72C69B195E0B2D1867F1D9B88FACBC681A72CE8A5D0B1513
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                                                                                                                                        C:\Windows\System32\InstallUtil.InstallLog

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):704
                                                                                                                                                                                                                                        Entropy (8bit):4.805280550692434
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:tIDRFK4mAX7RBem7hccD+PRem7hUhiiGNGNdg6MhgRBem7hccD+PRem7hUGNGNkm:Us43XVBVhcmMRVhMipNVeBVhcmMRVhro
                                                                                                                                                                                                                                        MD5:EF51E16A5B81AB912F2478FE0A0379D6
                                                                                                                                                                                                                                        SHA1:B0F9E2EE284DD1590EA31B2D3AD736D77B9FC6A7
                                                                                                                                                                                                                                        SHA-256:2C5D5397CEDF66DB724FED7FB4515B026A894F517A0DFBE8AE8ADF52DB61AA22
                                                                                                                                                                                                                                        SHA-512:296A11DB55BFEE7D87897BB63BC9E2C05786D3FD73A894DA5AF76F7A756495C6CCC0959C88844DFB5560DE2374A257201D960E004EC09D8C9DFB50952C5EF2D2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Commit phase completed successfully.....The transacted install has completed...

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):471
                                                                                                                                                                                                                                        Entropy (8bit):7.195984909074457
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:JyYO25GLsHt2Z5OKjOL+0BWlm+GNb3MkSl:JRO2ILsNUOL+0BWlJN
                                                                                                                                                                                                                                        MD5:7795DF33FC7DD3AA62E0BC052F9DFBAD
                                                                                                                                                                                                                                        SHA1:EA227EC994561B5BCE01C5228F9C337286FBEC9C
                                                                                                                                                                                                                                        SHA-256:6AD47D714F3DD55B2FE9072E829542851D2ECF60CB88254002C60449E8ACA736
                                                                                                                                                                                                                                        SHA-512:DE11027F0CA32119EBBB17976ECBE6582AB6AF8CAA7CE522D75C4185DA722550F1F981064DB9BE6074EB1C6C096C933C2DE7EE42B1F31B4FEDC9982F87157F9D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:0..........0.....+.....0......0...0......E....1-Q...!..m....20241107190516Z0s0q0I0...+...........@..D3=?..Mn8...Q..E....1-Q...!..m..........-...P..@.Z....20241107190516Z....20241114190516Z0...*.H..............\%h......B.q.?..,7..O2@.Z9.Q.~6..b..........vo...(['.Qr...0..\..d.3c.o....A6......w.*.....R.......<mN(..q....F..C.q(...o.p.........%.'.T.j./.+....)4.}'..V..&H.PL...a...X.X@7.,0 .....'T>.P@V.....$..W...^b.y<z0.........".f...(U.w.).'!..6R.ve

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):727
                                                                                                                                                                                                                                        Entropy (8bit):7.538244021680764
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:5o6Tq93k5h44TUqpqeLDTeV2ZeqhBwAksO9b8Sq0PtlRHwX6KluyUwVKvfsIg66:5hoqbyVs5ksO9btTPhdby8cBR
                                                                                                                                                                                                                                        MD5:29DD7378778C44788BAC45D70EA7B440
                                                                                                                                                                                                                                        SHA1:7A3C5E30C0C9A9BE505B18FD2C24422D5E3DBE56
                                                                                                                                                                                                                                        SHA-256:69354FF510301B85C14CC1ECD0E5B3C98308B820CFBCE483389A7B9A437F67D5
                                                                                                                                                                                                                                        SHA-512:9E67BEE1AE05B0F2408210A6662926CC9DA6EE2864820A4704ADFFAE9DD78B80E79EE32E83F5A5E35BED9603E82795A38570D56CC93384B82DC6254940079FE7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:0..........0.....+.....0......0...0......h7..;._....a{..e.NB..20241107213702Z0s0q0I0...+.........]....^Idk...NG.X....h7..;._....a{..e.NB...(I.x...#...R....20241107212102Z....20241114202102Z0...*.H.............'....P0.......<..Y.xj.H.......Y..0.......{9$^.....>...W;...?.....xD/-H.Xj. p.z......;]..1v..Kpv.....X...Hz...6.(P.J_..<.e...a.U@..wK.QO...R....Qs..K.w.t~. .-D)..1$.........U..%..*....$8:.*'x...@.Q.X..w.g.t:..(.M.2.......~.t.Y.5...|.m.....+..)$....L.b....\(...2.i...t..@.lUX...=......o..jq1..~W.GQH.-.b.....@{..x.k..J=.g...Sd..].H.(.'5A..@h,./..)..e.!..$..;[..`..X...<.c..._4c.3..QG.....Uz.<S~J.4;...[.T.....#.r=..m*... ?..=jr~.....E6.O...Z...=t.......w.....9.>...Z56l..$..]....%.B2#.)%4o.d!.:

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):737
                                                                                                                                                                                                                                        Entropy (8bit):7.563362083389209
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:yeRLaWQMnFQlRA77FfByPW0paxHDrANafzNmklodcdnheT7ohULbnTpl6O7Ju9jc:y2GWnS67tH3ANYpbXdnhem6eO7JuBKpJ
                                                                                                                                                                                                                                        MD5:3B102160AD2A5AA14A1E47A09F94325A
                                                                                                                                                                                                                                        SHA1:73BCD80D9015CD4F2CAD794AFB0F270D5B1BDFA6
                                                                                                                                                                                                                                        SHA-256:83CA24FBDAAEC43B044AAD16FAA0F169862BFEDDF11FD1048871ADCB62F94CDD
                                                                                                                                                                                                                                        SHA-512:76CA695F636CB888D5B905413E592AB054D2E7171D543EFCFD3825643A39E8095EAFE834B54CEC67927F921B2B75C58C47DA0027652BFBE1AC9F5A1BBB20111A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:0...0.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..241105210859Z..241126210859Z.00.0...U.#..0.......q]dL..g?....O0...U........0...*.H.............j.6'~w.5.l......*6......M.;R..!.~..&z.x..-.C..%....?.\dv...A.............Uk...a...........eb....u.@..Y..&.......6.H9....'./...$.IUE|.A|G'.,..1N.1m.hm..=......U....cu..o..^xc.A...<{#P......H...v...'...V....wj.a.i.W.M.EPvz1(,.3.....3E.....\...).<Zrh......n8...w.>.....;..@#,.<.{...v..4...t*...;.9.....ib.4..m}8.bS....*[w.R.=7........BR.Q&\.7]...1.'.....:P..}^ ..$......=!.W.I.."......Y..4..>q....r.%..1..6..);........5$N..*r..7.+{p}.....~.7@4....%.........p.Z.b..m..;.7.4/G.C;.-Z...M.Oc:.

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Certificate, Version=3
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1716
                                                                                                                                                                                                                                        Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                        MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                        SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                        SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                        SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:0...0............@.`.L.^.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40...210429000000Z..360428235959Z0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA10.."0...*.H.............0........./B.(.x.].9Y...B.3..=..p..&0...h.\..4$..KO.xC........g.RO..W.......>Mp$d....}4}L.W.kC....;....GZ..L.. %............e....I5.=Q..!xE...,.......IpB2......eh..ML..HRh....W]...e...O.,H.V.5........7.....|...2........t..9..`.....1.......#GG...n..m.....jg-.D......;...2Z..j`T.I....\.o.&....8........o.a4\..E(.6*f(_.s.&%....\...L.b.^3........+..6y.....u.e..HP.w....P.F.aX..|..<.(.9....S..G.u0..0.v..[K]taM?..v.X.r.)A...m&vh.A.X..&+..MY.x.J>@G_.Ps..#!Y`.dT..!..8.|f..x8E0.O.cOL....SA|X=G....2...l<.V.........Y0..U0...U.......0.......0...U......h7..;._....a{..e.NB0...U.#..0.......q]dL..g?....O0...U...........0...U.%..0...+.......0w..+........k0i0$..+.....0...http:/

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):727
                                                                                                                                                                                                                                        Entropy (8bit):7.562070540258883
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:5onfZSc5RlRtBfQwRhs5vCZgPVrVJEYbw7OIiVFQlb8PjcNCUAnqr/E:5i8cdZTRhG+gPZPfIgMb8PjcNCa/E
                                                                                                                                                                                                                                        MD5:EB9A1D98CC4B6AC3D674A6621DF5A758
                                                                                                                                                                                                                                        SHA1:5E9BC182D48B8E86A61D8A3F4B5ADD9C88DA6800
                                                                                                                                                                                                                                        SHA-256:20D856D68DBA3E2246EBB62A5EAEDCEFDA221ACCFA1B9362B33AFAD33B6E48C7
                                                                                                                                                                                                                                        SHA-512:1054D82E5E1B2F2C1416D31F01FF2C172ACA8DCC31A622CDD959F918B78A474BD9B40A9B7316122A8262FAC24D6236860E2EADD665030A61D56C5C0A153F81C7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:0..........0.....+.....0......0...0..........q]dL..g?....O..20241107184215Z0s0q0I0...+........."..;F..=\@ua..........q]dL..g?....O....@.`.L.^........20241107184215Z....20241114184215Z0...*.H.............t.yl..<Y.&4S...*..).G...s.X.S.x....)l.ng.Jpe....-...}@....|.....J.\#(....]..}.......k/.a..v.I.w...6.W.`{.D..z.%.c.T".p....\....CX..L...u.n...6t.6..1W....f....m6.W....?..N...d.Q..1...H+..k..A.X..../&a.I....#..)..h.*.'..@...'s.~.i.X"...w.B...P\.K..3..V.5...A.-l..#.V...i...\.)=..G.ob....o............eTi.1...)k..+.e.?. :.X.0^.k.4.;.....S8....\.K.w#q..._m.F....(^.......}.\.}?...W....T.......)..#..{6QC...'....=....f.....>........{}.k..\...*.i.....e..F..1&.%.U.aAO....k....<....p?S.

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:Certificate, Version=3
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1428
                                                                                                                                                                                                                                        Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                        MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                        SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                        SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                        SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:0...0..x..........W..!2.9...wu\0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40...130801120000Z..380115120000Z0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40.."0...*.H.............0..........sh..]J<0"0i3..%..!=..Y..).=X.v..{....0....8..V.m...y....._..<R.R....~...W.YUr.h.p..u.js2...D.......t;mq.-... .. .c)-..^N..!a.4...^.[......4@_.zf.w.H.fWW.TX..+.O.0.V..{]..O^.5.1..^......@.y.x...j.8.....7...}...>..p.U.A2...s*n..|!L....u]xf.:1D.3@...ZI...g.'..O9..X..$\F.d..i.v.v=Y]Bv...izH....f.t..K...c....:.=...E%...D.+~....am.3...K...}....!........p,A`..c.D..vb~.....d.3....C....w.....!..T)%.l..RQGt.&..Au.z._.?..A..[..P.1..r."..|Lu?c.!_. Qko....O..E_. ........~.&...i/..-............B0@0...U.......0....0...U...........0...U..........q]dL..g?....O0...*.H..............a.}.l.........dh.V.w.p...J...x\.._...)V.6I]Dc...f.#.=y.mk.T..<.C@..P.R..;...ik.

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):338
                                                                                                                                                                                                                                        Entropy (8bit):3.453887774916514
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kK083yJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:cCxkPlE99SCQl2DUevat
                                                                                                                                                                                                                                        MD5:79D37A2FB020218906C6C220E29F0BA9
                                                                                                                                                                                                                                        SHA1:B532E73A32D69BFDCEAD81564D94A3D78B261F2B
                                                                                                                                                                                                                                        SHA-256:BC0F32D3C63FF3932876C41F8571D9ADFDF0A526F82A5AFE5044A5D9E0AC39ED
                                                                                                                                                                                                                                        SHA-512:A55A21518B1042AA9F8FCE6F2A64E7B3F3DDC756DAC01A43482782055E078DDFCB0930AED545DB8F1328562A3F3207AF796289A383A9175A185747855D588F27
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:p...... ........).m..1..(.................................................L#... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):400
                                                                                                                                                                                                                                        Entropy (8bit):3.944557569898237
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kKo3UItll3f/s07lXlRNfOAUMivhClroFzCJCgO3lwuqDnlyQ4hY5isIlQhZgJn:Q3UItvfrzmxMiv8sFzD3quqDkPh8Y2ZM
                                                                                                                                                                                                                                        MD5:FBCE89B493EF80185668CCE9E762BB5E
                                                                                                                                                                                                                                        SHA1:6017BBB18C529785776AA8C72A0CA84EC991D56E
                                                                                                                                                                                                                                        SHA-256:50AFD92EBEF37E60D32AB22BF0486C022A127776CD0FA2FF258309DA60AA0A7B
                                                                                                                                                                                                                                        SHA-512:0E43172698A017750B8A7BA5C9BC17689231363AF2D1CD299E09231E78E84E42F4F1A0FFE2730CBE1AE18FF6F5B1E5F689EB9EE8462BE23A4C2D1597F598C3CC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:p...... .........V.(.1..(................~..G1.....#.6.....................#.6.. ........$...1.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.3.x.L.4.L.Q.L.X.D.R.D.M.9.P.6.6.5.T.W.4.4.2.v.r.s.U.Q.Q.U.R.e.u.i.r.%.2.F.S.S.y.4.I.x.L.V.G.L.p.6.c.h.n.f.N.t.y.A.8.C.E.A.6.b.G.I.7.5.0.C.3.n.7.9.t.Q.4.g.h.A.G.F.o.%.3.D...

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):404
                                                                                                                                                                                                                                        Entropy (8bit):3.9151012216884293
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kK3zIVGP/lD3s7yfOAUMivhClroFHXHDZA6liyZlSlMul0bg3PWovy28lhl+Ksc8:E8cymxMiv8sF3HtllJZIvOP205scn8
                                                                                                                                                                                                                                        MD5:2DC2C89DD5B0F5D0698CFA5C240E40C1
                                                                                                                                                                                                                                        SHA1:2985C60DA9F0B8B9B8B1C81E6D7B0F8E81CFF69D
                                                                                                                                                                                                                                        SHA-256:68D41EC9A76F17A102D0E99A482A9213C94737B438BCFCDB727A00E12F430E7A
                                                                                                                                                                                                                                        SHA-512:CB63E4C6B5579520569F5B420EC03FBB25D8E80B6BB24E4BEF3FD44C7E8C0E39B4F6548AAF62A6EEEE2E1C861D74A83739685E3DFC8D1B53967AD41155CD7D03
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:p...... .... ....;.;.1..(................sT.Z1...Kt..6...................Kt..6.. ........dh..1.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.R.X.e.r.F.0.e.F.e.S.W.R.r.i.p.T.g.T.k.c.J.W.M.m.7.i.Q.Q.U.a.D.f.g.6.7.Y.7.%.2.B.F.8.R.h.v.v.%.2.B.Y.X.s.I.i.G.X.0.T.k.I.C.E.A.o.o.S.Z.l.4.5.Y.m.N.9.A.o.j.j.r.i.l.U.u.g.%.3.D...

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):248
                                                                                                                                                                                                                                        Entropy (8bit):3.044122719613611
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:kkFkli+M1fllXlE/xPDllJtINRR8WXdA31y+NW0y1YbXKw+l1M7GlXVdlAlM1AWt:kKVMPD/8FAUSW0PTKDXM6laUJ
                                                                                                                                                                                                                                        MD5:B8E3C18BAA3F9022D9B48A2EF4A63159
                                                                                                                                                                                                                                        SHA1:898AB99C94A37DF57C2A2C3D4455A886FB7C0278
                                                                                                                                                                                                                                        SHA-256:9B1F759103AA51EA9323AA80DA52F72C36AFDA0870159798BBC06F1DA93BF338
                                                                                                                                                                                                                                        SHA-512:540476FA1B4F4D78F537F6864C8F6A0D90FE99ECFED0E4ECD28308BE738696ADEB39E9378C664A69B73C042185398DE37A5B6089298613F01AB682801840226C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:p...... ....f......;.1..(....................................................... ..........,./.. ...................h.t.t.p.:././.c.r.l.3...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.l...".6.7.2.a.9.8.e.d.-.2.e.1."...

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):308
                                                                                                                                                                                                                                        Entropy (8bit):3.2131444407465524
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kK+qzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:AtWOxSW0P3PeXJUZY
                                                                                                                                                                                                                                        MD5:32B7514C55D5CD81D87B24D97829E7C9
                                                                                                                                                                                                                                        SHA1:2AE22A5F887CB134DDC7A728950571465B18DA94
                                                                                                                                                                                                                                        SHA-256:730435E35EC74CE270AD78516D947FEFB4152491279387A652F1DC58D5E876F1
                                                                                                                                                                                                                                        SHA-512:CF5228FDD9CA89EA26D430B5173FCC9B42C5F196DA2C1CC961DDAAC133A487A4AE4FDB5F81C6DAEE8A4B6BDBEFE5A2C3BBC36F6A5D78783970F39774DEA5856D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:p...... .........X'I.1..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):412
                                                                                                                                                                                                                                        Entropy (8bit):3.969224918914445
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kKkF+UQPlph1tswdyfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlA4:JVhhdymxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                        MD5:60168D82FEAE1096D9F08575AA67BCBC
                                                                                                                                                                                                                                        SHA1:E255C2E2758DFCDB3C93A12816ED5374356CEB61
                                                                                                                                                                                                                                        SHA-256:B5E915633EF3666897C671B2B3D8B6E0968801622212C0AB35F1C4F42C20E3DA
                                                                                                                                                                                                                                        SHA-512:AAD04AF4A0667A5700658CC28EFBD21EC975C40F4B3525E9583614814CF5848576F2F0AA9CED3FD8C7116D8184529451A0F359D3F525D8EBE6D36875D066C76B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:p...... ....(......:.1..(...................D1......6......................6.. ............1.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):254
                                                                                                                                                                                                                                        Entropy (8bit):3.052898866971229
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:kKB4LDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:54LYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                        MD5:20EF2903A29194902BB1106B1E044961
                                                                                                                                                                                                                                        SHA1:41E92A989B7654ECEA98C7EF2F715309FE8C3088
                                                                                                                                                                                                                                        SHA-256:920747FFBFD602BE5F609E4D2275C09E28D8266034916EB1B9198D23324CB08F
                                                                                                                                                                                                                                        SHA-512:6BFCB02EFA07878A5D6F5B099B7306ABA77A779BF11A8175DE7FABD2AFB0F5E016255553688E3060BB2AD1D2412B5448371927194E4D6EC82CE5FDDF2D2ECC7C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:p...... ....l....F.f.1..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1944
                                                                                                                                                                                                                                        Entropy (8bit):5.343420056309075
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQg8mHDp684YHKGSI6oPtHTHhAHKKkhHNpaHKlT44HKmHKe60:iqzCYqGSI6oPtzHeqKkhtpaqZ44qmq10
                                                                                                                                                                                                                                        MD5:437E4DCFC04CB727093C5232EA15F856
                                                                                                                                                                                                                                        SHA1:81B949390201F3B70AE2375518A0FFD329310837
                                                                                                                                                                                                                                        SHA-256:5EADB9774A50B6AD20D588FDA58F5A42B2E257A0AA26832B41F8EA008C1EB96B
                                                                                                                                                                                                                                        SHA-512:0332C7E5205CF9221172473A841284487ACC111780A58557231FCDE72A5EDB7E7E3EF6C87AB9682A688BC24992A74027F930267B541039BD8757EEF4E2F51A0E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageInternalPoller.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1983
                                                                                                                                                                                                                                        Entropy (8bit):5.345248756179348
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKksHVsHT6HNHOHKCHKlT40HKe60:iqbYqGSI6oPtzHeqKks1sz6tuqCqZ40T
                                                                                                                                                                                                                                        MD5:F974F0FCD981AC0581C5498C0155EF91
                                                                                                                                                                                                                                        SHA1:0CF6D5F41937B296EF9D37FC90E56EC8458B96DF
                                                                                                                                                                                                                                        SHA-256:500B63AEC50B89EF4CEC9ED49E53D168CDC35D235CB416B84234D3E45F3AC365
                                                                                                                                                                                                                                        SHA-512:1484917CC2A8E88DD4010FEE60394BD974D5C44ED0482DAD64B06A319E1F7E414321B8BDB06C6DE70152CFEA887BBDEFD2F2689C077251E8D2BBC9448FBF8719
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime\2702

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageMonitoring.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):3043
                                                                                                                                                                                                                                        Entropy (8bit):5.361093730986187
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKk9HVsHUHhHKe6PfHKWA1eXrHKlT4d6HNHGHPmHKm:iqbYqGSI6oPtzHeqKk91s0Bq13qhA7qp
                                                                                                                                                                                                                                        MD5:7FBB3BC293626F02EEE5D12A2FC44FE7
                                                                                                                                                                                                                                        SHA1:A736DE9B60CEC25864AE995EF046F3F317B5D1AC
                                                                                                                                                                                                                                        SHA-256:B6ED7FB8E1D3A5AB9858099700CDA16766D6F442587CD6F965815CF8AFC1444D
                                                                                                                                                                                                                                        SHA-512:C175AF1525508EEA8DEAE8BE67E4780922492B3D01ACDB36B43220DE5B57898F10558F80C5D6218B61A236D35C41047527C6AD00770F477E23507AAEA7EF2000
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Net.Http\f4

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageOsUpdates.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):1933
                                                                                                                                                                                                                                        Entropy (8bit):5.381647656863045
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkCHKe6PfHKWA1eXrHKlT4fHeHK/:iqbYqGSI6oPtzHeqKkCq13qhA7qZ4f+m
                                                                                                                                                                                                                                        MD5:52CDAA83C48EDB391B9D77AE080A7F05
                                                                                                                                                                                                                                        SHA1:BC3E421F10517820F55349F0C636CE6F5AC43D25
                                                                                                                                                                                                                                        SHA-256:CC4BC1EB52CD4548732E5120182DE3E3B7F5D9191BAF7B0D40DF17D30D0C0D5C
                                                                                                                                                                                                                                        SHA-512:FDFA5A33A156B89D4772A5A503ECD01B5780CD88B2286FDD0DFA47477A7EF58C5F5720CA591A7F27014AB5ED7A6CE3CDA0E71CD329332498F207AC4439626813
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\545a9409c1

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageProgramManagement.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1968
                                                                                                                                                                                                                                        Entropy (8bit):5.358970550932517
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT44HKmHKe6+JHxLHqHvHlu:iqbYqGSI6oPtzHeqKk+qZ44qmq1IRLK4
                                                                                                                                                                                                                                        MD5:C09FFFFF02DC01F97E0F663546856019
                                                                                                                                                                                                                                        SHA1:1D6A7F75E657912BD3A11A99B914C6EE55893A1F
                                                                                                                                                                                                                                        SHA-256:90EC1BADD918380F4C730DC3FBA25DFBD404BFCAD6E7C9D4B256416E79CEF1D8
                                                                                                                                                                                                                                        SHA-512:4DD854F4E833CB55517A7E42FC325B8B20588FDEB87E11F1F764F83E97E4350E30198AB873C5722B0FE42B6FDAD32F0448607CC8F138BBEB8184D3955DC3630C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSystemTools.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1269
                                                                                                                                                                                                                                        Entropy (8bit):5.386023750192824
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN9E4kjE4KwPk:MxHKQwYHKGSI6oPtHTHhAHKKk9HeHK/
                                                                                                                                                                                                                                        MD5:FF82566FEE793B3C8BD85F73F1B014CA
                                                                                                                                                                                                                                        SHA1:8AC734F19C71900E3327CA914F44D60668E478B5
                                                                                                                                                                                                                                        SHA-256:64C55BC594E2664410BCD69B0B96C64BE27C4E1D5F9201CFABAFD08CAF5341E4
                                                                                                                                                                                                                                        SHA-512:90326D9F79EDC41550897B2A37B5F3230C06775A7DCE5881D5E1AFECA778E72C7C92C6435118A2A4DDA393E01098FED7BB08001B5325B7A94E605297F06BF1E1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Net.Http\f4

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageTicketing.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1499
                                                                                                                                                                                                                                        Entropy (8bit):5.341844552740347
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mHE4KXWE4Ke60:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4A
                                                                                                                                                                                                                                        MD5:1F102800C2B4B52354570886D784EA54
                                                                                                                                                                                                                                        SHA1:B84148B4A84AF5669134EB9EC27904A05E2517D2
                                                                                                                                                                                                                                        SHA-256:8367F22954F447B469ED78A27028539219651BEB79AFF371045A3347E99B906A
                                                                                                                                                                                                                                        SHA-512:AE4C42696AC5C7F532820D0B5D2412FEAEE4641884B189559C25989E013E09D799C10C98DDC6813D9F7C76A475C34DF8A48BAFC2F5D17708CF5440F931D1CE0A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste

                                                                                                                                                                                                                                        C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageUpgradeAgent.exe.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):1317
                                                                                                                                                                                                                                        Entropy (8bit):5.349237785643295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNa8mE4Dp684KNE4TKF0KU:MxHKQwYHKGSI6oPtHTHhAHKKka8mHDpT
                                                                                                                                                                                                                                        MD5:FF6F536003EB969D82D1EDB2F415115D
                                                                                                                                                                                                                                        SHA1:D87DCA1D4CC11AFB0ACD875510B2D748C19CCB2A
                                                                                                                                                                                                                                        SHA-256:2A12B63514F8AFF5F9DA361930B7720784A58EEC7FEEF0F0D4866E6CA78286BC
                                                                                                                                                                                                                                        SHA-512:0F4B1226678BD2E1459A2752E98727784D6CFCDFB737E79BF8378804854640FA990F21E00AF8501DC089630F52D8649E15E22F1DB4A18C0E812D208988446C6D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv7

                                                                                                                                                                                                                                        C:\Windows\Temp\AteraSetupLog.txt

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (491), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):100666
                                                                                                                                                                                                                                        Entropy (8bit):3.8144647084578756
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:wMsw+anzP6P2KW7/7wuj4wFkh4zperxNtwhsUadrTLZEQG/BBBM8g11K/Qx/B2XN:CMj7l
                                                                                                                                                                                                                                        MD5:EF211794DF7C8F7D3D05470022F407B5
                                                                                                                                                                                                                                        SHA1:3591F88DFBCD873B6516742594D43B53DFBF1441
                                                                                                                                                                                                                                        SHA-256:AC60EA741E6C8BA83BC9A34E4EFEAD140D608EDCDBE452516E47BCB1F948C8BB
                                                                                                                                                                                                                                        SHA-512:3207FE24E1B43AF6C6ED40735DEE06290C080AE01537A74431F536D80AC25A034EFA87CE294B926EF12D725339FF7AD2780CF5E1C9DBE8EE6CD9A8127A30BB1E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\AteraSetupLog.txt, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..M.S.I. .(.s.). .(.D.8.:.0.C.). .[.0.7.:.3.9.:.4.0.:.6.7.6.].:. .E.x.e.c.u.t.i.n.g. .o.p.:. .A.c.t.i.o.n.S.t.a.r.t.(.N.a.m.e.=.U.n.p.u.b.l.i.s.h.F.e.a.t.u.r.e.s.,.D.e.s.c.r.i.p.t.i.o.n.=.U.n.p.u.b.l.i.s.h.i.n.g. .P.r.o.d.u.c.t. .F.e.a.t.u.r.e.s.,.T.e.m.p.l.a.t.e.=.F.e.a.t.u.r.e.:. .[.1.].).....M.S.I. .(.s.). .(.D.8.:.0.C.). .[.0.7.:.3.9.:.4.0.:.6.7.6.].:. .E.x.e.c.u.t.i.n.g. .o.p.:. .F.e.a.t.u.r.e.U.n.p.u.b.l.i.s.h.(.F.e.a.t.u.r.e.=.I.N.S.T.A.L.L.F.O.L.D.E.R._.f.i.l.e.s._.F.e.a.t.u.r.e.,.,.A.b.s.e.n.t.=.2.,.C.o.m.p.o.n.e.n.t.=.O.8.a.a.x.b.s.h.g.(.m.$.Q.~.p.&.*.c.W.F.T.(.2.U.i.(.$.K.'.9.f.V._.k.m.V.4._.G.j.C.y.s.h.'.2.r.n.2.9.Q.&.i.7.Z.$.a.].P.O.W.`.n.b.v.o.J.L.7.9.C.P.V.G.A.p.y.`.&.F.k.F.A.f.F.s.R.e.A.?.Q.v.~.T.+.f.m.).b.].X.-.3.-.x.5.0.i.R.@.u.g.{.g.H.t.,.9.`.H.r.P.P.A.6.5.`.q.o.?.q.*.'.}.=.2.0.}.P.M.X.0.E.,.c.9.x.h.V.9.!.m.p.a.(.Y.r.t.@.L.).....M.S.I. .(.s.). .(.D.8.:.0.C.). .[.0.7.:.3.9.:.4.0.:.6.7.6.].:. .N.o.t.e.:. .1.:. .1.4.0.2. .2.:. .U.N.K.N.O.W.N.\.I.n.s.t.a.l.l.e.r.\.F.e.a.

                                                                                                                                                                                                                                        C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_000_dotnet_runtime_6.0.35_win_x64.msi.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):563926
                                                                                                                                                                                                                                        Entropy (8bit):3.851659653989098
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:XD+abgEoq22Y7DvzTEM1LmhlhQ8l5xg1DUToqYknYTbp3k+dpxZV4odT8m2ampeO:ljyEr
                                                                                                                                                                                                                                        MD5:4DDFBE7474DF32512F05574874319ADD
                                                                                                                                                                                                                                        SHA1:C53E0A9A8A53040DCF0FAD39E3B918515D894AF9
                                                                                                                                                                                                                                        SHA-256:96376DA6F7AC17DCA0A3ADA32E594C86EB3FF3500745AD17A91D0035EFF3E8AA
                                                                                                                                                                                                                                        SHA-512:FC1C89191B5AE80506300DA0D9583E821DB9C9C9E2E6EDE007F4FF465B4B948F48466FD6F5744FD1534C926525CF1692015A2EDC43DC3800479C7F89EA8EAFD6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_000_dotnet_runtime_6.0.35_win_x64.msi.log, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .0.8./.1.1./.2.0.2.4. . .0.7.:.3.9.:.4.4. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.8.9.9.C.3.3.1.3.-.0.1.9.1.-.4.A.2.9.-.8.8.4.E.-.1.2.6.3.A.8.9.7.1.9.E.4.}.\...b.e.\.d.o.t.n.e.t.-.r.u.n.t.i.m.e.-.6...0...3.5.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.4.4.:.2.C.). .[.0.7.:.3.9.:.4.4.:.3.9.7.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.4.4.:.2.C.). .[.0.7.:.3.9.:.4.4.:.3.9.7.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.4.4.:.2.C.). .[.0.7.:.3.9.:.4.4.:.3.9.7.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.C.7.9.F.6.E.E.C.-.3.A.2.B.-.4.8.7.D.-.A.3.B.6.-.E.D.F.4.0.5.7.B.4.E.4.B.}.v.4.8...1.4.0...2.1.4.5.8.\.d.

                                                                                                                                                                                                                                        C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_001_dotnet_hostfxr_6.0.35_win_x64.msi.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (400), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):99398
                                                                                                                                                                                                                                        Entropy (8bit):3.796923642098272
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:M6tmvnZU0hPJFy0NvT4lkzKYAc5v3U2++QoWw12fR3UASybuBj5QhpRBUW9:Mrvj5QhpRBH9
                                                                                                                                                                                                                                        MD5:BF2D939D990AEC6C5F9F6CA71738A70C
                                                                                                                                                                                                                                        SHA1:3AEABE3F0CB772367CF7CC9B789F33EE7AE7C025
                                                                                                                                                                                                                                        SHA-256:1E5AE7A787035F8830EA2366652E910B398DE7CFA618C807028290115A9B4580
                                                                                                                                                                                                                                        SHA-512:1934B3356FD577A858E90AFC0672A2BD7F68AD4275FEF5F5B5B72AD356C381E2433875B0E7397559688D6E195EA973F1AF60943A174ABB70AFAF3E975C85C9C2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_001_dotnet_hostfxr_6.0.35_win_x64.msi.log, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .0.8./.1.1./.2.0.2.4. . .0.7.:.4.0.:.0.0. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.8.9.9.C.3.3.1.3.-.0.1.9.1.-.4.A.2.9.-.8.8.4.E.-.1.2.6.3.A.8.9.7.1.9.E.4.}.\...b.e.\.d.o.t.n.e.t.-.r.u.n.t.i.m.e.-.6...0...3.5.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.4.4.:.7.4.). .[.0.7.:.4.0.:.0.0.:.8.0.3.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.4.4.:.7.4.). .[.0.7.:.4.0.:.0.0.:.8.0.3.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.4.4.:.7.4.). .[.0.7.:.4.0.:.0.0.:.8.0.3.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.E.9.1.F.8.A.C.1.-.4.9.1.7.-.4.5.5.E.-.A.A.C.A.-.B.4.0.B.1.9.3.C.7.A.6.2.}.v.4.8...1.4.0...2.1.4.5.8.\.d.

                                                                                                                                                                                                                                        C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_002_dotnet_host_6.0.35_win_x64.msi.log

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (385), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):109720
                                                                                                                                                                                                                                        Entropy (8bit):3.8014733921264736
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6DYDHb0Z5seBl0t8LwOWn5SXQ5QNqgoYmxamJlkXW29w+jzMdHJdhFGdq0Gje:6LxjzMdHJdhFGdq0ce
                                                                                                                                                                                                                                        MD5:337F0A3C3FE322AC21EE4C0F7BA35DD8
                                                                                                                                                                                                                                        SHA1:3CB760E196BB22CB16A7AAC6BC5DFAB46E364B5D
                                                                                                                                                                                                                                        SHA-256:43010F33BBB623F624ABBB446044EA665AF5B07D8EFF690D84AB9A62DD6D10DF
                                                                                                                                                                                                                                        SHA-512:FC2BA297084FC93AAB85A9935B70F9CB27E672E98ADC4ED8A19C8ED8B96D5714BAC9E38C4B9CAB65738F793CECE4B2CC52D43BDFD01BA20EA0C408C324E49A94
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241108073939_002_dotnet_host_6.0.35_win_x64.msi.log, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .0.8./.1.1./.2.0.2.4. . .0.7.:.4.0.:.0.1. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.8.9.9.C.3.3.1.3.-.0.1.9.1.-.4.A.2.9.-.8.8.4.E.-.1.2.6.3.A.8.9.7.1.9.E.4.}.\...b.e.\.d.o.t.n.e.t.-.r.u.n.t.i.m.e.-.6...0...3.5.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.4.4.:.9.8.). .[.0.7.:.4.0.:.0.1.:.9.2.8.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.4.4.:.9.8.). .[.0.7.:.4.0.:.0.1.:.9.2.8.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.4.4.:.9.8.). .[.0.7.:.4.0.:.0.1.:.9.2.8.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.C.5.9.6.0.1.A.1.-.7.7.1.B.-.4.2.6.B.-.A.9.F.7.-.6.C.A.C.C.A.C.4.D.B.4.E.}.v.4.8...1.4.0...2.1.4.5.8.\.d.

                                                                                                                                                                                                                                        C:\Windows\Temp\SplashtopStreamer.exe

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9502202
                                                                                                                                                                                                                                        Entropy (8bit):7.562548928465728
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:196608:N8k1Y13HYB+LKYCTMhi6YUY7pO/nYUyQmwG9:DBUCTMh/YUQpO/nYUbmwO
                                                                                                                                                                                                                                        MD5:766D278467ED752A9A98BCF91A89040E
                                                                                                                                                                                                                                        SHA1:FFBE629581032D62531893AFD77ABDDA87032C9B
                                                                                                                                                                                                                                        SHA-256:451B91625E4B13E8D6E87843B7454BBEBB08BEFEDC330637289D46E7F5AD62D2
                                                                                                                                                                                                                                        SHA-512:496D113C5EA644AC8562BDD1D445342826B3F2F8B438C56637F91188A8D108D282B03444312CB329610EDE8AE5DDB95B26A71AD0DF56505A65705583EF8B716E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........{F~.(F~.(F~.(O.8(U~.(F~.(.|.(O.>(\~.(O.((.~.(O./(.~.(O.!(A~.(O.?(G~.(O.:(G~.(RichF~.(................PE..L...y?.g............................./............@..................................Ee.............................................. ..(............"d..(..........`................................i..@...................D........................text............................... ..`.rdata..............................@..@.data....^......."..................@....rsrc...(.... ......................@..@........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\ateraAgentSetup64_1_8_7_2.msi

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: x64;1033, Revision Number: {911E9E2F-B38D-4D02-A148-5E49FC9D8943}, Create Time/Date: Wed Feb 28 10:52:04 2024, Last Saved Time/Date: Wed Feb 28 10:52:04 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2994176
                                                                                                                                                                                                                                        Entropy (8bit):7.878630966889847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:s+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oq1xMbY+K/tzQz:s+lUlz9FKbsodq0YaH7Z1xMb8tT
                                                                                                                                                                                                                                        MD5:5E90226ABB5A004B0B9DB9A9E67BAC21
                                                                                                                                                                                                                                        SHA1:34EB703055BAFA469A714F18C7F00E5098B764AF
                                                                                                                                                                                                                                        SHA-256:BE0C53481ED4CF3EC4D0AD16053CD18D6AAD8C349B8281F5F9B90B526420CEAE
                                                                                                                                                                                                                                        SHA-512:2676357D10AA76F09F2A1F691C7566D54E34B20716EDF1301B2D69C3E3400D0A70E7C1738AEA9A75334B384AB988CEA3A07B983C900AE32395285BE61673C288
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF04FE684DFBD1C055.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF05E5F68B6F9494B7.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF082F37453E450272.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF09A0613500D1B004.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.5703461453944378
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:p8PhFuRc06WXz+FT55Bdm3qzOSjnd/EqdGUDjgbQ6Ssnd/E8Q:khF1jFTLm3qyI3D8NPQ
                                                                                                                                                                                                                                        MD5:C2D724BB650437C6075B4ACB4AFB2E4B
                                                                                                                                                                                                                                        SHA1:0A8D692EC38A62F1C78DE02AE2C2FB201E5805BC
                                                                                                                                                                                                                                        SHA-256:F0B4C41BFC7A0A9C7B776976427E3B37E9BB19765729EFE20AFC5F321B502095
                                                                                                                                                                                                                                        SHA-512:C2A50A3EAA100822E2BD9526EACE2BE90DD1DA26B168807760EFDB6FD6560BB0A70F452DE51F8B548C719F46BE06A46E970AF9CA91E5725340A577340F3DD629
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF09A0613500D1B004.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF0A35CAD3F9B9826E.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.282089835807836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:hhwuLth8FXzFT5XBddWxxOSjndd4d/EqdpADgbQKSsndd4dNWeUJC:7w7rT1dWx09Z/NXe9
                                                                                                                                                                                                                                        MD5:89A2DF7AE1115E4FD545392731E40CBA
                                                                                                                                                                                                                                        SHA1:BF547BE75DBF8D30B55C7FF30C01481335ACB3F8
                                                                                                                                                                                                                                        SHA-256:18647516B0BE1D11361C7C3F25F72F6D3AC7C3F0F3097FAE777C1A5EB1CC744F
                                                                                                                                                                                                                                        SHA-512:FE7C77FAD2A09409C64471FF41B9BF9643C9B4D1E3CFDA018FBA3EB83CE73A823F517767A4996940C203C1173A3E519D24CFA1DC6194764F0BA274FF2A69FF7E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF0A5F58FAFB66814E.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF0AB4D42089FC291E.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                                                                                        Entropy (8bit):1.0006967747436453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:rLMMXukPveFXJ5T5pQGD2nSqISoedvPdvbCnuhnq94nLhgdStedvPdvxubS:rVXUhTnjD2nIciuBuYLhO4
                                                                                                                                                                                                                                        MD5:6930E3F86EBA404695309FB6010EE552
                                                                                                                                                                                                                                        SHA1:26FC61438FFAE21D172F8A82D5F4DCE23EAF33EB
                                                                                                                                                                                                                                        SHA-256:2F250F85C84E2E4DA322604AECD7F80718902DA255313F3421FB35C6B5554518
                                                                                                                                                                                                                                        SHA-512:7ECF90B4CE88EBCF22B42D9412360811B549CEE02F378ED6DFA3818D144875E10B02E30F55C3B6981A6AF7AC963349D9D930D595DCE5EBDE14AF55E4974F1B17
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF0AB4D42089FC291E.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF0D8528F5075401FC.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):0.0718099974972934
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOfAJtIXaIKAMtgVky6lit/:2F0i8n0itFzDHFfAJua9AMZit/
                                                                                                                                                                                                                                        MD5:6E1D46D62E546E480453BA0BCC0C21D8
                                                                                                                                                                                                                                        SHA1:0F0396319BF0BD71AFD4CB0039AF81B0728E9845
                                                                                                                                                                                                                                        SHA-256:B54E0487D9A684C1FBD71FA267540365F7D58C92E45764A57AB1D4930E04BA6F
                                                                                                                                                                                                                                        SHA-512:588259F795EFC5BF1C8373FA83D2A927A76B4BAE5D847B90C486AB423EECB391131335DEE2D9A433A22E85F3DF99EFA50AC1B1C0867DB765015D758427648301
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF1263F85D7A6DFFDC.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF1367B77C9DC375CA.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF149AF26E7405EB9E.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.5624676733789111
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:k8PhTuRc06WXJWjT5AzdaqISoedGPdGfdruqStedGPdGRubxn:7hT1tjTgdI6o1
                                                                                                                                                                                                                                        MD5:BCE78CB84E1A2AC1791E1950BA08B246
                                                                                                                                                                                                                                        SHA1:966C54A5C7A0D7B7B5977F9D86ECB4653509145C
                                                                                                                                                                                                                                        SHA-256:C0C57EDE40D7DFAEF172301788517327F98924FFFE6AA9C5D1390A0E520496B4
                                                                                                                                                                                                                                        SHA-512:284F80DDE44970D06CEAB9AC08C33A864382DAD8483E58424102EEE9177AE5BC32EBBD67035BD3D5FC170DF726FC537E9446028BC722A3F0F6F1DA5317D556C0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF149AF26E7405EB9E.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF1648B3632C5ED880.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2782856569058545
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:JOLuXth8FXz/T5bvBdXynDOSjndddwEqdGUDjgbQiSsndddSE8ly:sLXBTVTCnCf3D8NaE
                                                                                                                                                                                                                                        MD5:6CAADA11BAC1C6DEB46E842AE22D8464
                                                                                                                                                                                                                                        SHA1:0A8AD42D1053724AAADBCB49F1C736906351DE6B
                                                                                                                                                                                                                                        SHA-256:6C31D88CC76D674CDC2AB4DE2B507957E4D680472B2147F0724030D2EAC80881
                                                                                                                                                                                                                                        SHA-512:8E6621A1DB16B7DB7A3597A518B61422BA0FEB18418580380FC78AD6C7129CAC1F4E1D696A351C07F78C0F7D9C1E642C8CB0A9A0D2B4B7A1381316D7982CBA5D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1648B3632C5ED880.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF19DB8661A095DD7E.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.6013741249095268
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:N8PhTuRc06WXz+FT5RBdXynDOSjndddwEqdGUDjgbQiSsndddSE8ly:whT1jFTDCnCf3D8NaE
                                                                                                                                                                                                                                        MD5:07015D701443F019BCEEFE44B16605BA
                                                                                                                                                                                                                                        SHA1:F0FA70F55F131779A7D40C67EAC78D79038CB72A
                                                                                                                                                                                                                                        SHA-256:F8079F5CC89AD9416881BD3654AC0DB59FA6CEE10D08D4EE34952BA3D7488341
                                                                                                                                                                                                                                        SHA-512:10098DD94440DA289F63C40D7C47A9AA7DEA94DB3E86233925474AE29F52218790DA87D9C0C8A9FA728052AD3C7DAB956FE683194AE27BBB60DAACAEC308C8A5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF19DB8661A095DD7E.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF24128B1B7636176B.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2303992858331168
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:hVUuKPveFXJ5T5+GDgSqISoedGPdGTMaStedGPdGTn:vUGhTfD6IkD
                                                                                                                                                                                                                                        MD5:B362B4915788E43B65C88091EB13A526
                                                                                                                                                                                                                                        SHA1:F61327B7760B38E9B9C1ABD7A417D17A4A09ACC7
                                                                                                                                                                                                                                        SHA-256:D91CD8FC33B73FA9D5A7D395DAA94D8AC4196CE13464F815F41A0ED74E5ECE8D
                                                                                                                                                                                                                                        SHA-512:DC154564C39F645FAC41F6F4A7677E7FAABCDF729705BA46204D716B2E147D296EF65325F270C8551E04B7A6C9B4555293ED46D8CC650BA9F5DB890C3FB4E9EC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF24128B1B7636176B.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF2447F2EA2DAE5C07.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF2A2708B805AC0B90.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF2B0B6C20EEC26074.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.28037173303852
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:thwu3th8FXzFT5lBddWQOSjndd4d/EqdGUDjgbQSSsndd4dXE8:Hw3rTndWN93D8Ng
                                                                                                                                                                                                                                        MD5:62377A903A0C591ECF9B5E1300BE5E9A
                                                                                                                                                                                                                                        SHA1:E79EC7136D843AB5684DF109B62D9D005579A867
                                                                                                                                                                                                                                        SHA-256:30CCAFDB8B9AF2A57C9CD2F0F251F2F566FB96863E7D833622011845079B1EC4
                                                                                                                                                                                                                                        SHA-512:0FD67A374D47425D71B58800C7BB9DF238B15075E3ED4785352EE32243D8FCF85DE6E5128A1A6A27FBBADA89ACC6FF5155ACCF7B3F1EC34D96D447D0A745E259
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF2B0B6C20EEC26074.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF2F11D8AB7C256AF9.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF334B9E77A3779C09.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                                                                                        Entropy (8bit):1.0006967747436453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:rLMMXukPveFXJ5T5pQGD2nSqISoedvPdvbCnuhnq94nLhgdStedvPdvxubS:rVXUhTnjD2nIciuBuYLhO4
                                                                                                                                                                                                                                        MD5:6930E3F86EBA404695309FB6010EE552
                                                                                                                                                                                                                                        SHA1:26FC61438FFAE21D172F8A82D5F4DCE23EAF33EB
                                                                                                                                                                                                                                        SHA-256:2F250F85C84E2E4DA322604AECD7F80718902DA255313F3421FB35C6B5554518
                                                                                                                                                                                                                                        SHA-512:7ECF90B4CE88EBCF22B42D9412360811B549CEE02F378ED6DFA3818D144875E10B02E30F55C3B6981A6AF7AC963349D9D930D595DCE5EBDE14AF55E4974F1B17
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF334B9E77A3779C09.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF3854EF7ACE468FA0.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                        Entropy (8bit):0.1576664729733054
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:KyuBEuSsndddPSjndddwEqdGUDjgbQXb8dXyb:Puv9f3D8ycC
                                                                                                                                                                                                                                        MD5:B06A1A9E12B18F4122CD7A2A0E9FCC9B
                                                                                                                                                                                                                                        SHA1:B6DD38DCB3E161355FF4F3A59B69755DEF4EBF26
                                                                                                                                                                                                                                        SHA-256:A5A8934F2E6AFCE2BC083E2AB29F886455E1DF82606F9097C17B88405545DA7C
                                                                                                                                                                                                                                        SHA-512:32CFC6E80E4BD853DB9681D5620CC126A6D8CED702E03135D628DE79E85766CB842BAB8D9E84569C0AACA28EE3114184AB6533F1B898878A269DB001C262C824
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF3854EF7ACE468FA0.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF392792FDC2A4AB0C.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2209629172254637
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:18PhcuRc06WXJEFT5yGDgSqISoedGPdGTMaStedGPdGTn:Yhc1HFTbD6IkD
                                                                                                                                                                                                                                        MD5:65BBFEE7C81C52A67312EB940940862B
                                                                                                                                                                                                                                        SHA1:765D0345EAA7944759B24A60B19BD332BEB91FB4
                                                                                                                                                                                                                                        SHA-256:96B633AC78FC8A17F1B374A4C4C91C35A36C5627C41A3AE05B17D321660E2684
                                                                                                                                                                                                                                        SHA-512:F8B6C2E9095507A77269094275DA04127CD549BDD462639141327A3D17D3A644F2DD7D23A5E3A40302AFE6425EF91844D5B335EA0BF3878741A66ACEED2B75A3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF392792FDC2A4AB0C.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF3B809B51B7595CAE.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF3C5BCD3D863F04F2.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.6202465671730697
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:48PhPuRc06WXJEFT5iGD2nSqISoedvPdvbCnuhnq94nLhgdStedvPdvxubS:HhP1HFTLD2nIciuBuYLhO4
                                                                                                                                                                                                                                        MD5:4231E56CD0E2D3A04CEE8552EB991134
                                                                                                                                                                                                                                        SHA1:AA6D9162C7E8502F1584D982777FAA11DC1AB264
                                                                                                                                                                                                                                        SHA-256:0619248F3704A56A89EB3F71194C7352F2AA484C6B55EB378DB937EE4E0381A4
                                                                                                                                                                                                                                        SHA-512:D9CA08024D974DAD2B0156018FF23D12CAE99EA26763CCC8B3BABB13CDF414F9055880D7A603A5F64E943F43EACB5C47231A640B2FEB845876DCC82ADBD78A68
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF3C5BCD3D863F04F2.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF3C620E8EC0E084D5.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF3D9C4D396D4A5D9E.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF3E36312AD7193B59.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF40757303CF5AF021.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2782856569058545
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:JOLuXth8FXz/T5bvBdXynDOSjndddwEqdGUDjgbQiSsndddSE8ly:sLXBTVTCnCf3D8NaE
                                                                                                                                                                                                                                        MD5:6CAADA11BAC1C6DEB46E842AE22D8464
                                                                                                                                                                                                                                        SHA1:0A8AD42D1053724AAADBCB49F1C736906351DE6B
                                                                                                                                                                                                                                        SHA-256:6C31D88CC76D674CDC2AB4DE2B507957E4D680472B2147F0724030D2EAC80881
                                                                                                                                                                                                                                        SHA-512:8E6621A1DB16B7DB7A3597A518B61422BA0FEB18418580380FC78AD6C7129CAC1F4E1D696A351C07F78C0F7D9C1E642C8CB0A9A0D2B4B7A1381316D7982CBA5D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF40757303CF5AF021.TMP, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF40757303CF5AF021.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF4341E3375FA950A4.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF4462ADB9C3CB59E4.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.28037173303852
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:thwu3th8FXzFT5lBddWQOSjndd4d/EqdGUDjgbQSSsndd4dXE8:Hw3rTndWN93D8Ng
                                                                                                                                                                                                                                        MD5:62377A903A0C591ECF9B5E1300BE5E9A
                                                                                                                                                                                                                                        SHA1:E79EC7136D843AB5684DF109B62D9D005579A867
                                                                                                                                                                                                                                        SHA-256:30CCAFDB8B9AF2A57C9CD2F0F251F2F566FB96863E7D833622011845079B1EC4
                                                                                                                                                                                                                                        SHA-512:0FD67A374D47425D71B58800C7BB9DF238B15075E3ED4785352EE32243D8FCF85DE6E5128A1A6A27FBBADA89ACC6FF5155ACCF7B3F1EC34D96D447D0A745E259
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF4462ADB9C3CB59E4.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF453F0FBC0B60F55F.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                        Entropy (8bit):0.1420193588363943
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:CnhubmStedGPdGeqISoedGPdGfdruQzZ:iIyLI+
                                                                                                                                                                                                                                        MD5:2847CAE5C1054836F4611A695C3367F3
                                                                                                                                                                                                                                        SHA1:3BB6E6BB67840480369C27EFA71AEA19BE704334
                                                                                                                                                                                                                                        SHA-256:3BB5C418A58B6AD3EF3E77FF4B9981C755FEA9BF70D8621EF0005E6AC06F17D9
                                                                                                                                                                                                                                        SHA-512:9D755B3FFAD8A3DAC2D0DE2DF506B84A9B2325AF76B686B447224C0CD4AE8CD39DEB8F35A1D4EFB90DF3E5440CC04B1AB32396B21720C86DDA00924EC69E441A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF453F0FBC0B60F55F.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF46F6F8A0FA7810BB.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):0.07928728571212156
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO/LfNzGelhqLIUSVky6l/X:2F0i8n0itFzDHFjfIaqR/X
                                                                                                                                                                                                                                        MD5:EA6B4F3F0C52181E2913C44F1E8F4FC1
                                                                                                                                                                                                                                        SHA1:730E207F58450786A296AD2820F2821C977E18FA
                                                                                                                                                                                                                                        SHA-256:4443883A6AA19E21D84A287DB3BA806503985BC5501AC985751F9834BBF06C1E
                                                                                                                                                                                                                                        SHA-512:F6FA55D6BB02E5D55671D0DF89D6852CCE2FDE965028F1CA2BA78703609EE3F2C80A92DF74D61DCF486FFF920EE80208F68E087FF8E1F2711DDAB637E7FB1AC9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF5254EA196FE17B63.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF54B49F62B112CF88.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.573052109954215
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:H8PhFuRc06WXz+FT5aBdm3qM6OSjnd/EqdpADgbQySsndVWeUJCQ:GhF1jFTUm3qMDIZ/Nue9Q
                                                                                                                                                                                                                                        MD5:7D61D6652E97287B42E2C9EECC2A203C
                                                                                                                                                                                                                                        SHA1:57CB10E5137E5AE292ED16818B348A421306B771
                                                                                                                                                                                                                                        SHA-256:93C91A7AE115662702D0C304A2ACD1E57C67974A9E516AD97F59C6BC2570437B
                                                                                                                                                                                                                                        SHA-512:AAE04AABB9005352806CF9887E069BE52ACB3CABEF29B5E0A2994B39FDF5A3DA5D761C2401145A54A9CBFE761A01C416AF1831671120B07B5499E645B4747C38
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF55FFDDAFCB13AA8F.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF5605CB05B683D54C.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF56D6828F3B7BE5D3.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.257063986803321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:c69uRth8FXz/T5KBdm3qM6OSjnd/EqdpADgbQySsndVWeUJCQ:/95BTsm3qMDIZ/Nue9Q
                                                                                                                                                                                                                                        MD5:3AE3BCC3E9CEEB026A35BFF9012847B8
                                                                                                                                                                                                                                        SHA1:E269379821E1967F66CB187A9127174103C297C7
                                                                                                                                                                                                                                        SHA-256:1AF0035AC4FEFA171888CFC120EC116EE9F87FDC26CF4A8D06BA27F850981A55
                                                                                                                                                                                                                                        SHA-512:F67CBEF702773581B73A0FC9B6FC6E67808613990884BE8D9CE7A8D2B20321E3E134F8B65FFB8E7408F6CDF96881D0FAFA2ADFB7AB95B6E0CAE2336334E47A23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF5B83A7AC03730FA4.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2513453163563275
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:iIgLuk+JveFXJxT5AzdaqISoedGPdGfdruqStedGPdGRubxn:ixL3ZTgdI6o1
                                                                                                                                                                                                                                        MD5:3AE9FA6C7188B4D474F0C8CEC5780857
                                                                                                                                                                                                                                        SHA1:7172E1FC4A7DEDBBA18094E5DD3574B491129374
                                                                                                                                                                                                                                        SHA-256:27D264F161171B490265E47E513B28DB74B37253ABE2026BFAD31B144D99CE9E
                                                                                                                                                                                                                                        SHA-512:CACBA2A334062F387DDAEDDCAB96C10477C0D2FD8F1278D1FC2AB73BD833A00FA4501B6CE29071AC6A7B31641791058A3E8A5436D50467CE87080ED66EB02C38
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF5B83A7AC03730FA4.TMP, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF5B83A7AC03730FA4.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF5E3B3F33F14E2075.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):0.07818414976654083
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOw6PKLIUgVky6lW:2F0i8n0itFzDHFw6CbW
                                                                                                                                                                                                                                        MD5:66A8243D5CED8CF9148F8DC9CC546A50
                                                                                                                                                                                                                                        SHA1:215EFA5036A53267D45365E39F2A13005CC139AA
                                                                                                                                                                                                                                        SHA-256:3DBBB36F35D8D48AEB28398470CF3D86E18B7CEA99721ACE711DAD9A60F8A27A
                                                                                                                                                                                                                                        SHA-512:AFEB6D7CAAB6F5027A3383500A10627F09E7F48B073C5F1E55C96B9D1129477C54B465042C2172315F01231BA4479A9CC874F7E3773702F5213F2A191633A992
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF5F1085EBA9AC2838.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.257063986803321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:c69uRth8FXz/T5KBdm3qM6OSjnd/EqdpADgbQySsndVWeUJCQ:/95BTsm3qMDIZ/Nue9Q
                                                                                                                                                                                                                                        MD5:3AE3BCC3E9CEEB026A35BFF9012847B8
                                                                                                                                                                                                                                        SHA1:E269379821E1967F66CB187A9127174103C297C7
                                                                                                                                                                                                                                        SHA-256:1AF0035AC4FEFA171888CFC120EC116EE9F87FDC26CF4A8D06BA27F850981A55
                                                                                                                                                                                                                                        SHA-512:F67CBEF702773581B73A0FC9B6FC6E67808613990884BE8D9CE7A8D2B20321E3E134F8B65FFB8E7408F6CDF96881D0FAFA2ADFB7AB95B6E0CAE2336334E47A23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF64316B934467F931.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF65E873130FC1C0A9.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF690431D40E2CB2C8.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF6A8EEDAC344AC30E.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF6F3876F93C562B97.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2802087634815378
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:qOLurth8FXz/T5biBdXynexOSjndddwEqdpADgbQaSsndddwWeUJCly:9LbBTVeCne0fZ/N1e9E
                                                                                                                                                                                                                                        MD5:8E119944DDB4BB47EE4F703A7608155F
                                                                                                                                                                                                                                        SHA1:4F5E37CEE00AEA2BFF6804E01116EDFA9284DD78
                                                                                                                                                                                                                                        SHA-256:4A3CE9B20B0E8B6F7B9CA6CBC784843CFEBAF2F8863E6B4EA8831EAA50EC1F53
                                                                                                                                                                                                                                        SHA-512:C29FBF272B5A08B59DAE1976BFC6A35C33C165C6DB8B7975FE633E67E12E75239251654F809962952817903BA5E5A5CEB7A8FA6825EBE814AC59FC13B0EB94F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF776FCEBE338E1733.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2802087634815378
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:qOLurth8FXz/T5biBdXynexOSjndddwEqdpADgbQaSsndddwWeUJCly:9LbBTVeCne0fZ/N1e9E
                                                                                                                                                                                                                                        MD5:8E119944DDB4BB47EE4F703A7608155F
                                                                                                                                                                                                                                        SHA1:4F5E37CEE00AEA2BFF6804E01116EDFA9284DD78
                                                                                                                                                                                                                                        SHA-256:4A3CE9B20B0E8B6F7B9CA6CBC784843CFEBAF2F8863E6B4EA8831EAA50EC1F53
                                                                                                                                                                                                                                        SHA-512:C29FBF272B5A08B59DAE1976BFC6A35C33C165C6DB8B7975FE633E67E12E75239251654F809962952817903BA5E5A5CEB7A8FA6825EBE814AC59FC13B0EB94F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF78C052E5ABC11FDF.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF795B13A3E74B7DE4.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                        Entropy (8bit):0.15825124346422614
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:KyuHWeUJ4SsndddPSjndddwEqdpADgbQ1xb7dXyO:Pu2e99fZ/sdJC
                                                                                                                                                                                                                                        MD5:6181CD333229BF30E73A73D8BA9A67CD
                                                                                                                                                                                                                                        SHA1:A6B2F4BB1E44126DB296227E645228F577CB0B27
                                                                                                                                                                                                                                        SHA-256:0684E6475A6C1209879595449724ABC2DE18ED68D1759A3AFD9CDFBD32EFC712
                                                                                                                                                                                                                                        SHA-512:76FDFA010AD48CB58D66D554A9B39B62FF3999DA536572BF3097D652C4A44884C3E7F7B168E66B8C20766A6FC1B47C95F3CEAFA613605501584951FF56AC86BA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF7DDA5B9BF67DD720.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.255346301289319
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:w69u5th8FXz/T5pBdm3qzOSjnd/EqdGUDjgbQ6Ssnd/E8Q:j9RBTjm3qyI3D8NPQ
                                                                                                                                                                                                                                        MD5:86D22A9E4C6762B3B32545641EC764B3
                                                                                                                                                                                                                                        SHA1:00B521B4DD203B88836DA6924AB1BE3B2D5F0F0E
                                                                                                                                                                                                                                        SHA-256:5DF2F8DC28C08F542205519D0CBD02EA1566BE460A498DBFC724C2E0659563DF
                                                                                                                                                                                                                                        SHA-512:7F68FF524D4D05C90DDBA0AFF400A6DE4FB65B7EFCCA500E79B73C820F9D16D39195BE4E7DA59E8DDC1293741BA9B39CCBD349C0F2AE92B2CE891C8A3E68565A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF7DDA5B9BF67DD720.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF883891F690572C07.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                        Entropy (8bit):0.13045116672209772
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:CnAipVfedGSadGS7qIipVGedGSadGSfEqasJG5WTZkob+kA+ns:CnAStedGPdGeqISoedGPdGTMTbmJ
                                                                                                                                                                                                                                        MD5:31B2B78A6528D367F10CD40E879437B1
                                                                                                                                                                                                                                        SHA1:B9A7EE81EF11E4C1528751BE957788834CDCABCF
                                                                                                                                                                                                                                        SHA-256:9A00F09293C5B25C36CC72DB0F778CAADE67881933DED0A602A988C361601F9D
                                                                                                                                                                                                                                        SHA-512:B91D42C3620D5FB6993560473F32131C20EF2B54CE9E88CB627F49D09D6A2DA056E22CBC1774D154AFC97C0B20E2FB436E71689F001CD948A715C95EDCD8493F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF883891F690572C07.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF89ED9DD027E93DD3.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.6042363764777214
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Uh8PhTuRc06WXz+FT5YBdXynexOSjndddwEqdpADgbQaSsndddwWeUJCly:/hT1jFTOCne0fZ/N1e9E
                                                                                                                                                                                                                                        MD5:C7257ECE054F7BB3C08AFD59CA05995F
                                                                                                                                                                                                                                        SHA1:B6B7AE9F13236F15E115895A7F5DA7CAFB8C9698
                                                                                                                                                                                                                                        SHA-256:EAD7F700B3ABE696F293AC3044BDA329E3A2EAD8E35406EF76B3B6280101E00E
                                                                                                                                                                                                                                        SHA-512:FB43C0ED03D212875455D0F2955E10DCF103CD6FABB78C426C172FE745E9EDCEA47E6A93F49D43067473C365BF23818B77CD8A0A46A618264B87AC6DCD01F656
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF8C6E2C72D3649879.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.6042363764777214
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Uh8PhTuRc06WXz+FT5YBdXynexOSjndddwEqdpADgbQaSsndddwWeUJCly:/hT1jFTOCne0fZ/N1e9E
                                                                                                                                                                                                                                        MD5:C7257ECE054F7BB3C08AFD59CA05995F
                                                                                                                                                                                                                                        SHA1:B6B7AE9F13236F15E115895A7F5DA7CAFB8C9698
                                                                                                                                                                                                                                        SHA-256:EAD7F700B3ABE696F293AC3044BDA329E3A2EAD8E35406EF76B3B6280101E00E
                                                                                                                                                                                                                                        SHA-512:FB43C0ED03D212875455D0F2955E10DCF103CD6FABB78C426C172FE745E9EDCEA47E6A93F49D43067473C365BF23818B77CD8A0A46A618264B87AC6DCD01F656
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF8DBFB97AB363B2F7.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):0.07957035983066839
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOxgIYqICN/K9IKLIUSVky6l/X:2F0i8n0itFzDHFxgIjNxKR/X
                                                                                                                                                                                                                                        MD5:C584EBAB63FADE959CA713DE5E61B9FE
                                                                                                                                                                                                                                        SHA1:04626806B95D1B8C9B3212C646EA715217A95E6A
                                                                                                                                                                                                                                        SHA-256:324A20E8D4B0FD8D553397ECEA4877E20BB7B1DC2B709BAB914AD75C11BEAE5D
                                                                                                                                                                                                                                        SHA-512:F3633B74C48AEE72D5F5AC77F2A2D15FF86922026FEF75DC5087A60BCB83935B7E4FA5CD56207B3F120B5A21495BA25472597CFCEBE30EDAAF550644EF97FACA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF8FA2ED73703CA3D1.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2782856569058545
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:JOLuXth8FXz/T5bvBdXynDOSjndddwEqdGUDjgbQiSsndddSE8ly:sLXBTVTCnCf3D8NaE
                                                                                                                                                                                                                                        MD5:6CAADA11BAC1C6DEB46E842AE22D8464
                                                                                                                                                                                                                                        SHA1:0A8AD42D1053724AAADBCB49F1C736906351DE6B
                                                                                                                                                                                                                                        SHA-256:6C31D88CC76D674CDC2AB4DE2B507957E4D680472B2147F0724030D2EAC80881
                                                                                                                                                                                                                                        SHA-512:8E6621A1DB16B7DB7A3597A518B61422BA0FEB18418580380FC78AD6C7129CAC1F4E1D696A351C07F78C0F7D9C1E642C8CB0A9A0D2B4B7A1381316D7982CBA5D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF8FA2ED73703CA3D1.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF94F2B8D5FD07F988.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                        Entropy (8bit):0.14510903701148306
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:979EuSsndYSjnd/EqdGUDjgbQTb4dm3M:97rWI3D8WQm3
                                                                                                                                                                                                                                        MD5:D1724670DAD9905FE7B42088CF27AF41
                                                                                                                                                                                                                                        SHA1:6651745EB4652FA30C62A8C024B8054FAFFA4A10
                                                                                                                                                                                                                                        SHA-256:4B06686C5230EA6121884D290A697D0B57D8CC203CEE8BC739DF8DDB6B53F8B8
                                                                                                                                                                                                                                        SHA-512:69D400E3D921077A300D5D9C8002DE46EA1241BE6554D940DEAD532B2DCBA6A60922F9647EAC6F7088D5259057FBCBF7BC53F98CE0B13B99AC47B78F3A2DE64D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF94F2B8D5FD07F988.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF957A09D6BF6B9F7A.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.282089835807836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:hhwuLth8FXzFT5XBddWxxOSjndd4d/EqdpADgbQKSsndd4dNWeUJC:7w7rT1dWx09Z/NXe9
                                                                                                                                                                                                                                        MD5:89A2DF7AE1115E4FD545392731E40CBA
                                                                                                                                                                                                                                        SHA1:BF547BE75DBF8D30B55C7FF30C01481335ACB3F8
                                                                                                                                                                                                                                        SHA-256:18647516B0BE1D11361C7C3F25F72F6D3AC7C3F0F3097FAE777C1A5EB1CC744F
                                                                                                                                                                                                                                        SHA-512:FE7C77FAD2A09409C64471FF41B9BF9643C9B4D1E3CFDA018FBA3EB83CE73A823F517767A4996940C203C1173A3E519D24CFA1DC6194764F0BA274FF2A69FF7E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF9F364A753B0AEDA3.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.255346301289319
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:w69u5th8FXz/T5pBdm3qzOSjnd/EqdGUDjgbQ6Ssnd/E8Q:j9RBTjm3qyI3D8NPQ
                                                                                                                                                                                                                                        MD5:86D22A9E4C6762B3B32545641EC764B3
                                                                                                                                                                                                                                        SHA1:00B521B4DD203B88836DA6924AB1BE3B2D5F0F0E
                                                                                                                                                                                                                                        SHA-256:5DF2F8DC28C08F542205519D0CBD02EA1566BE460A498DBFC724C2E0659563DF
                                                                                                                                                                                                                                        SHA-512:7F68FF524D4D05C90DDBA0AFF400A6DE4FB65B7EFCCA500E79B73C820F9D16D39195BE4E7DA59E8DDC1293741BA9B39CCBD349C0F2AE92B2CE891C8A3E68565A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF9F364A753B0AEDA3.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF9F6529A1CEF531B3.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DF9F7387F47FC15CA9.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                        Entropy (8bit):0.15870488372635924
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:KlEuSsndd4dASjndd4d/EqdGUDjgbQMbEddB:KD/93D8DEd
                                                                                                                                                                                                                                        MD5:3B99C232ECE5E2C2054C47D4EC4FEE80
                                                                                                                                                                                                                                        SHA1:859A5770DDDD0A2F522D01F4C578534E71BC060A
                                                                                                                                                                                                                                        SHA-256:A0EEDB46F4CA252B44A3A3BB30F8C267FFE5F9224F8A8E8D736810E1A693F87B
                                                                                                                                                                                                                                        SHA-512:5A64E06DEF935C8246CE9CEC01887EAFE237EDCA04A8CAD84610CEF82B9744C75CA154DFE16AF376E42050EBD846BB8A53A53DDF2074AAC42305CE6476458E32
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF9F7387F47FC15CA9.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFA1CF1EE13109B844.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFA1FF22EB0B8F1F6F.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFA5FCE41365CD17E3.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFAF2127C417783835.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFB2A24EDCFB4793D5.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFB3F5F6EDD916E61E.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.573052109954215
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:H8PhFuRc06WXz+FT5aBdm3qM6OSjnd/EqdpADgbQySsndVWeUJCQ:GhF1jFTUm3qMDIZ/Nue9Q
                                                                                                                                                                                                                                        MD5:7D61D6652E97287B42E2C9EECC2A203C
                                                                                                                                                                                                                                        SHA1:57CB10E5137E5AE292ED16818B348A421306B771
                                                                                                                                                                                                                                        SHA-256:93C91A7AE115662702D0C304A2ACD1E57C67974A9E516AD97F59C6BC2570437B
                                                                                                                                                                                                                                        SHA-512:AAE04AABB9005352806CF9887E069BE52ACB3CABEF29B5E0A2994B39FDF5A3DA5D761C2401145A54A9CBFE761A01C416AF1831671120B07B5499E645B4747C38
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFB42DF47B0B398CBA.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2802087634815378
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:qOLurth8FXz/T5biBdXynexOSjndddwEqdpADgbQaSsndddwWeUJCly:9LbBTVeCne0fZ/N1e9E
                                                                                                                                                                                                                                        MD5:8E119944DDB4BB47EE4F703A7608155F
                                                                                                                                                                                                                                        SHA1:4F5E37CEE00AEA2BFF6804E01116EDFA9284DD78
                                                                                                                                                                                                                                        SHA-256:4A3CE9B20B0E8B6F7B9CA6CBC784843CFEBAF2F8863E6B4EA8831EAA50EC1F53
                                                                                                                                                                                                                                        SHA-512:C29FBF272B5A08B59DAE1976BFC6A35C33C165C6DB8B7975FE633E67E12E75239251654F809962952817903BA5E5A5CEB7A8FA6825EBE814AC59FC13B0EB94F3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFB94B946DDEB71AA2.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                        Entropy (8bit):0.14546071450175913
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:97rWeUJ4SsndYSjnd/EqdpADgbQT6bldm37:97ae9WIZ/IwXm3
                                                                                                                                                                                                                                        MD5:58473AA926297673F603CE227314A3BA
                                                                                                                                                                                                                                        SHA1:6DD27874B1B3129261D0619015AB5C45EFAC4FE4
                                                                                                                                                                                                                                        SHA-256:96FF99C8F15D8BC86BDF5E77CADC41DF42CA84A056F5962FB50EC8D1ACB2F3EF
                                                                                                                                                                                                                                        SHA-512:801F8331DF553C7D90AF21B3A9DE8ABB322B2FECA37D58CFBD69EC76966611FDCEE0BA2EC4DA1D6B1C1082ACCD2B0497BB0E170FFC0796EF58558602D6BDE61D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFB94BDC9FCCFCB068.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2303992858331168
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:hVUuKPveFXJ5T5+GDgSqISoedGPdGTMaStedGPdGTn:vUGhTfD6IkD
                                                                                                                                                                                                                                        MD5:B362B4915788E43B65C88091EB13A526
                                                                                                                                                                                                                                        SHA1:F61327B7760B38E9B9C1ABD7A417D17A4A09ACC7
                                                                                                                                                                                                                                        SHA-256:D91CD8FC33B73FA9D5A7D395DAA94D8AC4196CE13464F815F41A0ED74E5ECE8D
                                                                                                                                                                                                                                        SHA-512:DC154564C39F645FAC41F6F4A7677E7FAABCDF729705BA46204D716B2E147D296EF65325F270C8551E04B7A6C9B4555293ED46D8CC650BA9F5DB890C3FB4E9EC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFB94BDC9FCCFCB068.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFBA889C5C19AD67A3.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.5624676733789111
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:k8PhTuRc06WXJWjT5AzdaqISoedGPdGfdruqStedGPdGRubxn:7hT1tjTgdI6o1
                                                                                                                                                                                                                                        MD5:BCE78CB84E1A2AC1791E1950BA08B246
                                                                                                                                                                                                                                        SHA1:966C54A5C7A0D7B7B5977F9D86ECB4653509145C
                                                                                                                                                                                                                                        SHA-256:C0C57EDE40D7DFAEF172301788517327F98924FFFE6AA9C5D1390A0E520496B4
                                                                                                                                                                                                                                        SHA-512:284F80DDE44970D06CEAB9AC08C33A864382DAD8483E58424102EEE9177AE5BC32EBBD67035BD3D5FC170DF726FC537E9446028BC722A3F0F6F1DA5317D556C0
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFBA889C5C19AD67A3.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFBA8E27D1C0AA59DC.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFBC2F060892635FFA.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFBD5A3625BC458CD4.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFC062C42551A28A49.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2513453163563275
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:iIgLuk+JveFXJxT5AzdaqISoedGPdGfdruqStedGPdGRubxn:ixL3ZTgdI6o1
                                                                                                                                                                                                                                        MD5:3AE9FA6C7188B4D474F0C8CEC5780857
                                                                                                                                                                                                                                        SHA1:7172E1FC4A7DEDBBA18094E5DD3574B491129374
                                                                                                                                                                                                                                        SHA-256:27D264F161171B490265E47E513B28DB74B37253ABE2026BFAD31B144D99CE9E
                                                                                                                                                                                                                                        SHA-512:CACBA2A334062F387DDAEDDCAB96C10477C0D2FD8F1278D1FC2AB73BD833A00FA4501B6CE29071AC6A7B31641791058A3E8A5436D50467CE87080ED66EB02C38
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFC062C42551A28A49.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFC3987A7F0B1AE609.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFC3C8AA90CD99C95F.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFC4B0402BA4B10C60.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2209629172254637
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:18PhcuRc06WXJEFT5yGDgSqISoedGPdGTMaStedGPdGTn:Yhc1HFTbD6IkD
                                                                                                                                                                                                                                        MD5:65BBFEE7C81C52A67312EB940940862B
                                                                                                                                                                                                                                        SHA1:765D0345EAA7944759B24A60B19BD332BEB91FB4
                                                                                                                                                                                                                                        SHA-256:96B633AC78FC8A17F1B374A4C4C91C35A36C5627C41A3AE05B17D321660E2684
                                                                                                                                                                                                                                        SHA-512:F8B6C2E9095507A77269094275DA04127CD549BDD462639141327A3D17D3A644F2DD7D23A5E3A40302AFE6425EF91844D5B335EA0BF3878741A66ACEED2B75A3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFC4B0402BA4B10C60.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFC5919D9AED21CA50.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFC88DC2249F62BAF9.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFC9329EB2CD6934DE.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.6013741249095268
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:N8PhTuRc06WXz+FT5RBdXynDOSjndddwEqdGUDjgbQiSsndddSE8ly:whT1jFTDCnCf3D8NaE
                                                                                                                                                                                                                                        MD5:07015D701443F019BCEEFE44B16605BA
                                                                                                                                                                                                                                        SHA1:F0FA70F55F131779A7D40C67EAC78D79038CB72A
                                                                                                                                                                                                                                        SHA-256:F8079F5CC89AD9416881BD3654AC0DB59FA6CEE10D08D4EE34952BA3D7488341
                                                                                                                                                                                                                                        SHA-512:10098DD94440DA289F63C40D7C47A9AA7DEA94DB3E86233925474AE29F52218790DA87D9C0C8A9FA728052AD3C7DAB956FE683194AE27BBB60DAACAEC308C8A5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFC9329EB2CD6934DE.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFC9568EBA2376C40C.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):0.077966497703753
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO1LtCmOuPrfkiVky6l51:2F0i8n0itFzDHFzTPrfWr
                                                                                                                                                                                                                                        MD5:785EA75A2FB1DB6D9155B28A1291DAF3
                                                                                                                                                                                                                                        SHA1:6B86F7E077D0A8823383FBB776313FEDB17BFDEA
                                                                                                                                                                                                                                        SHA-256:BCD727E77C067BD5A31C13E8024F00ED60381D9AB725CAE2E6777A5708C9DDE0
                                                                                                                                                                                                                                        SHA-512:1834BBF627951711C96708EE7AA4B6C069055E832C717561DC77592E68EFB93E65FE825A5D3D13859057C93BE96CC12701D725491C4CFC49A4EE4FD40942E72A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFCBC6EA0CA782D645.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFD00F8005C2A5FD79.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.6075139429602279
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:28Ph4uRc06WXzAFT5OBddWxxOSjndd4d/EqdpADgbQKSsndd4dNWeUJC:Jh411FTIdWx09Z/NXe9
                                                                                                                                                                                                                                        MD5:A8F96EDEF5C00506B0B320B04913799B
                                                                                                                                                                                                                                        SHA1:A098B0AA17B96694CEB1E6881F5E58C63C9FC5EE
                                                                                                                                                                                                                                        SHA-256:4F29A55CE67DA9E79BDAF54E433DE4EBF8A6F93107CB520B0D2FA853A491E7AD
                                                                                                                                                                                                                                        SHA-512:155C4A8414B80672CA4F3891BF3BEE4EA8E004A64DEAC51497CB359BFFA25CCDA650792125BE42D3EC5A5183FCCE9CB592041F5323DCD57FED26C2CCED046C0C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFD1C06E00BBA0C25F.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFD1C4DD29A990E7B3.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFD40DACBB8D6576BB.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFD49DE98BD4F76663.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.28037173303852
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:thwu3th8FXzFT5lBddWQOSjndd4d/EqdGUDjgbQSSsndd4dXE8:Hw3rTndWN93D8Ng
                                                                                                                                                                                                                                        MD5:62377A903A0C591ECF9B5E1300BE5E9A
                                                                                                                                                                                                                                        SHA1:E79EC7136D843AB5684DF109B62D9D005579A867
                                                                                                                                                                                                                                        SHA-256:30CCAFDB8B9AF2A57C9CD2F0F251F2F566FB96863E7D833622011845079B1EC4
                                                                                                                                                                                                                                        SHA-512:0FD67A374D47425D71B58800C7BB9DF238B15075E3ED4785352EE32243D8FCF85DE6E5128A1A6A27FBBADA89ACC6FF5155ACCF7B3F1EC34D96D447D0A745E259
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFD49DE98BD4F76663.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFD8922D0D6E979E0F.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFD97CCF58AE9A8617.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.282089835807836
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:hhwuLth8FXzFT5XBddWxxOSjndd4d/EqdpADgbQKSsndd4dNWeUJC:7w7rT1dWx09Z/NXe9
                                                                                                                                                                                                                                        MD5:89A2DF7AE1115E4FD545392731E40CBA
                                                                                                                                                                                                                                        SHA1:BF547BE75DBF8D30B55C7FF30C01481335ACB3F8
                                                                                                                                                                                                                                        SHA-256:18647516B0BE1D11361C7C3F25F72F6D3AC7C3F0F3097FAE777C1A5EB1CC744F
                                                                                                                                                                                                                                        SHA-512:FE7C77FAD2A09409C64471FF41B9BF9643C9B4D1E3CFDA018FBA3EB83CE73A823F517767A4996940C203C1173A3E519D24CFA1DC6194764F0BA274FF2A69FF7E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFDE92FEF47ACED046.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2513453163563275
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:iIgLuk+JveFXJxT5AzdaqISoedGPdGfdruqStedGPdGRubxn:ixL3ZTgdI6o1
                                                                                                                                                                                                                                        MD5:3AE9FA6C7188B4D474F0C8CEC5780857
                                                                                                                                                                                                                                        SHA1:7172E1FC4A7DEDBBA18094E5DD3574B491129374
                                                                                                                                                                                                                                        SHA-256:27D264F161171B490265E47E513B28DB74B37253ABE2026BFAD31B144D99CE9E
                                                                                                                                                                                                                                        SHA-512:CACBA2A334062F387DDAEDDCAB96C10477C0D2FD8F1278D1FC2AB73BD833A00FA4501B6CE29071AC6A7B31641791058A3E8A5436D50467CE87080ED66EB02C38
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFDE92FEF47ACED046.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFE28F20BF858487E1.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.6202465671730697
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:48PhPuRc06WXJEFT5iGD2nSqISoedvPdvbCnuhnq94nLhgdStedvPdvxubS:HhP1HFTLD2nIciuBuYLhO4
                                                                                                                                                                                                                                        MD5:4231E56CD0E2D3A04CEE8552EB991134
                                                                                                                                                                                                                                        SHA1:AA6D9162C7E8502F1584D982777FAA11DC1AB264
                                                                                                                                                                                                                                        SHA-256:0619248F3704A56A89EB3F71194C7352F2AA484C6B55EB378DB937EE4E0381A4
                                                                                                                                                                                                                                        SHA-512:D9CA08024D974DAD2B0156018FF23D12CAE99EA26763CCC8B3BABB13CDF414F9055880D7A603A5F64E943F43EACB5C47231A640B2FEB845876DCC82ADBD78A68
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFE28F20BF858487E1.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFE2AA3264441F0126.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.255346301289319
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:w69u5th8FXz/T5pBdm3qzOSjnd/EqdGUDjgbQ6Ssnd/E8Q:j9RBTjm3qyI3D8NPQ
                                                                                                                                                                                                                                        MD5:86D22A9E4C6762B3B32545641EC764B3
                                                                                                                                                                                                                                        SHA1:00B521B4DD203B88836DA6924AB1BE3B2D5F0F0E
                                                                                                                                                                                                                                        SHA-256:5DF2F8DC28C08F542205519D0CBD02EA1566BE460A498DBFC724C2E0659563DF
                                                                                                                                                                                                                                        SHA-512:7F68FF524D4D05C90DDBA0AFF400A6DE4FB65B7EFCCA500E79B73C820F9D16D39195BE4E7DA59E8DDC1293741BA9B39CCBD349C0F2AE92B2CE891C8A3E68565A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFE2AA3264441F0126.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFE420C912B1FC3A4A.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFE646286756ED65F5.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFE74CF67B80915512.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFE78F4222094BB8F1.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                                                                                        Entropy (8bit):1.0006967747436453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:rLMMXukPveFXJ5T5pQGD2nSqISoedvPdvbCnuhnq94nLhgdStedvPdvxubS:rVXUhTnjD2nIciuBuYLhO4
                                                                                                                                                                                                                                        MD5:6930E3F86EBA404695309FB6010EE552
                                                                                                                                                                                                                                        SHA1:26FC61438FFAE21D172F8A82D5F4DCE23EAF33EB
                                                                                                                                                                                                                                        SHA-256:2F250F85C84E2E4DA322604AECD7F80718902DA255313F3421FB35C6B5554518
                                                                                                                                                                                                                                        SHA-512:7ECF90B4CE88EBCF22B42D9412360811B549CEE02F378ED6DFA3818D144875E10B02E30F55C3B6981A6AF7AC963349D9D930D595DCE5EBDE14AF55E4974F1B17
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFE78F4222094BB8F1.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFEB36E137878F14EA.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                        Entropy (8bit):0.1634407147761252
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:TEubmStedvPdv+qISoedvPdvbCnuhnq94nLhgsb22J:hybIciuBuYLhf22
                                                                                                                                                                                                                                        MD5:1C6269FFF272A5DC054FD8176AD12B45
                                                                                                                                                                                                                                        SHA1:DCD86A3BD0984C522339D5D6F8FB11997D194F53
                                                                                                                                                                                                                                        SHA-256:6D12120171A4A7F1AD803552B312D85678FDEAF34C5137AB6575518722ABBBF0
                                                                                                                                                                                                                                        SHA-512:A2D0D89DD06A3B2BB226CAC0C4093E07D462CA1919C6FE854AD1A0DF7008281E53349D23F9C9236319669F247C7B56132412DCF373B19649DAC7550629B7B371
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFEB36E137878F14EA.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFEC28E6A6438FFDBD.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.5703461453944378
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:p8PhFuRc06WXz+FT55Bdm3qzOSjnd/EqdGUDjgbQ6Ssnd/E8Q:khF1jFTLm3qyI3D8NPQ
                                                                                                                                                                                                                                        MD5:C2D724BB650437C6075B4ACB4AFB2E4B
                                                                                                                                                                                                                                        SHA1:0A8D692EC38A62F1C78DE02AE2C2FB201E5805BC
                                                                                                                                                                                                                                        SHA-256:F0B4C41BFC7A0A9C7B776976427E3B37E9BB19765729EFE20AFC5F321B502095
                                                                                                                                                                                                                                        SHA-512:C2A50A3EAA100822E2BD9526EACE2BE90DD1DA26B168807760EFDB6FD6560BB0A70F452DE51F8B548C719F46BE06A46E970AF9CA91E5725340A577340F3DD629
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFEC28E6A6438FFDBD.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFED7F1CA7BFB51E02.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.6075139429602279
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:28Ph4uRc06WXzAFT5OBddWxxOSjndd4d/EqdpADgbQKSsndd4dNWeUJC:Jh411FTIdWx09Z/NXe9
                                                                                                                                                                                                                                        MD5:A8F96EDEF5C00506B0B320B04913799B
                                                                                                                                                                                                                                        SHA1:A098B0AA17B96694CEB1E6881F5E58C63C9FC5EE
                                                                                                                                                                                                                                        SHA-256:4F29A55CE67DA9E79BDAF54E433DE4EBF8A6F93107CB520B0D2FA853A491E7AD
                                                                                                                                                                                                                                        SHA-512:155C4A8414B80672CA4F3891BF3BEE4EA8E004A64DEAC51497CB359BFFA25CCDA650792125BE42D3EC5A5183FCCE9CB592041F5323DCD57FED26C2CCED046C0C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFEE7D684D8A60F699.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.257063986803321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:c69uRth8FXz/T5KBdm3qM6OSjnd/EqdpADgbQySsndVWeUJCQ:/95BTsm3qMDIZ/Nue9Q
                                                                                                                                                                                                                                        MD5:3AE3BCC3E9CEEB026A35BFF9012847B8
                                                                                                                                                                                                                                        SHA1:E269379821E1967F66CB187A9127174103C297C7
                                                                                                                                                                                                                                        SHA-256:1AF0035AC4FEFA171888CFC120EC116EE9F87FDC26CF4A8D06BA27F850981A55
                                                                                                                                                                                                                                        SHA-512:F67CBEF702773581B73A0FC9B6FC6E67808613990884BE8D9CE7A8D2B20321E3E134F8B65FFB8E7408F6CDF96881D0FAFA2ADFB7AB95B6E0CAE2336334E47A23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFF0E8609902102013.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):1.2303992858331168
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:hVUuKPveFXJ5T5+GDgSqISoedGPdGTMaStedGPdGTn:vUGhTfD6IkD
                                                                                                                                                                                                                                        MD5:B362B4915788E43B65C88091EB13A526
                                                                                                                                                                                                                                        SHA1:F61327B7760B38E9B9C1ABD7A417D17A4A09ACC7
                                                                                                                                                                                                                                        SHA-256:D91CD8FC33B73FA9D5A7D395DAA94D8AC4196CE13464F815F41A0ED74E5ECE8D
                                                                                                                                                                                                                                        SHA-512:DC154564C39F645FAC41F6F4A7677E7FAABCDF729705BA46204D716B2E147D296EF65325F270C8551E04B7A6C9B4555293ED46D8CC650BA9F5DB890C3FB4E9EC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFF0E8609902102013.TMP, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFF0E8609902102013.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFF10138497BD58B77.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFF275A9752B87764D.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                        Entropy (8bit):0.15910312147533287
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:KDWeUJ4Ssndd4dASjndd4d/EqdpADgbQQxbhddT:Kie9/9Z/5dLd
                                                                                                                                                                                                                                        MD5:378DD43C1FBB5E5DE801B4B222265D62
                                                                                                                                                                                                                                        SHA1:41C57F59C86AFCCF9BC7C5A519163BFB0F699F92
                                                                                                                                                                                                                                        SHA-256:A9DFEB4B1738DDF85FC81E3C92A112ECF8F21CCCD686B08100703D06F9E481D9
                                                                                                                                                                                                                                        SHA-512:DCB235130E2A65FF32048AC41468EEC0F3883345FF21692227B9469A455F7CE67605DBD111DDA8F87763E04450325E35ECA372DB5BDE15A6D6915426FB0DE25E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFF34671EFF95FB92E.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.605204939520094
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Y8Ph4uRc06WXzAFT5QBddWQOSjndd4d/EqdGUDjgbQSSsndd4dXE8:nh411FTmdWN93D8Ng
                                                                                                                                                                                                                                        MD5:41C18DAD5667492341F4351C10C08706
                                                                                                                                                                                                                                        SHA1:DEC53CB530AC8C4CCC740DE5048CC0BD65646DA1
                                                                                                                                                                                                                                        SHA-256:7B3C3A0254C4FFDB360D5E86EBB7B2AB2243B4230F86F29F61D0701680B99BF1
                                                                                                                                                                                                                                        SHA-512:232CF572BEC056906631E6B995B8E8A2205C16F471812B7D343DDDCBF97EDC7D5BB68FCB7F3DBE9AF579E2530BD967E87D983C6F4DD2639ED84A4B3CDBAB2B68
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFF34671EFF95FB92E.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFF3A6D93C86654809.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        C:\Windows\Temp\~DFF6C6D2BED911FDD7.TMP

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):1.605204939520094
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:Y8Ph4uRc06WXzAFT5QBddWQOSjndd4d/EqdGUDjgbQSSsndd4dXE8:nh411FTmdWN93D8Ng
                                                                                                                                                                                                                                        MD5:41C18DAD5667492341F4351C10C08706
                                                                                                                                                                                                                                        SHA1:DEC53CB530AC8C4CCC740DE5048CC0BD65646DA1
                                                                                                                                                                                                                                        SHA-256:7B3C3A0254C4FFDB360D5E86EBB7B2AB2243B4230F86F29F61D0701680B99BF1
                                                                                                                                                                                                                                        SHA-512:232CF572BEC056906631E6B995B8E8A2205C16F471812B7D343DDDCBF97EDC7D5BB68FCB7F3DBE9AF579E2530BD967E87D983C6F4DD2639ED84A4B3CDBAB2B68
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFF6C6D2BED911FDD7.TMP, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        \Device\ConDrv

                                                                                                                                                                                                                                        Download File
                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (337), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5166
                                                                                                                                                                                                                                        Entropy (8bit):5.050608166180844
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:Wgjg6gCQ/gnSi++aPGl7p7Al4gnSi++aPGl7p7Ac:7VL/N7c9L/N79
                                                                                                                                                                                                                                        MD5:1109057A824A67DA2812A58935A79EDA
                                                                                                                                                                                                                                        SHA1:3F566508AFC36ECA6647F276B24032DB7F45ECB9
                                                                                                                                                                                                                                        SHA-256:3EE3F93C04C7D70EAC6AD05FD548166E73A6F63E7010907FA67632A8C19496C7
                                                                                                                                                                                                                                        SHA-512:FB4EE9F6C3FD9D246E7B355F5CF67712F19D4A5A9D660489E096AA55EEC5F842914904290776EEAC718456D1D96E4953123748E067706357124189032729F358
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:2024-11-08 07:40:14.5614|ERROR|WuApiService|Error on retry number 1: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....2024-11-08 07:41:12.1035|ERROR|WuApiService|Error on retry number 2: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....2024-11-08 07:42:43.9977|ERROR|WuApiService|Error on retry number 3: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.....2024-11-08 07:44:01.7975|ERROR|AgentPackageOsUpdates|Error executin

                                                                                                                                                                                                                                        Static File Info

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                        Entropy (8bit):7.87866697840517
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                                                        • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                                                        • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                                                        File name:gaYiWz75kv.msi
                                                                                                                                                                                                                                        File size:2'994'176 bytes
                                                                                                                                                                                                                                        MD5:24551f611dd0042fb6f37c3556be9328
                                                                                                                                                                                                                                        SHA1:6732520636b45264b3fe08cdddb90e22e99ac40f
                                                                                                                                                                                                                                        SHA256:7e3e97a19d93606583c07808e3b352d65bf7f316e4f97d4808ca0c3e3efbade3
                                                                                                                                                                                                                                        SHA512:2660cc83a7cfd6eb0343497b1c944263790f1211eec26f4cb81b582e82fbb6d260ecdf9741203c964d3d154f7f1397021ea7928e440a590750731387d347ab09
                                                                                                                                                                                                                                        SSDEEP:49152:W+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:W+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                        TLSH:C9D523117584483AE3BB0A358D7AD6A05E7DFE605B70CA8E9308741E2D705C1AB76FB3
                                                                                                                                                                                                                                        File Content Preview:........................>......................................................................................................................................................................................................................................

                                                                                                                                                                                                                                        File Icon

                                                                                                                                                                                                                                        Icon Hash:2d2e3797b32b2b99

                                                                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                                                                        Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                                                        Statistics

                                                                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                                                                        Behavior

                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                        System Behavior

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:07:38:05
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\gaYiWz75kv.msi"
                                                                                                                                                                                                                                        Imagebase:0x7ff73f3e0000
                                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                        Start time:07:38:06
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                        Imagebase:0x7ff73f3e0000
                                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                                        Start time:07:38:07
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 9EC403ECF0C0C0E65714DE34CF3E0384
                                                                                                                                                                                                                                        Imagebase:0x4e0000
                                                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                                        Start time:07:38:07
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSI52D0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4150234 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                                                                                                                                                                                                                        Imagebase:0x160000
                                                                                                                                                                                                                                        File size:61'440 bytes
                                                                                                                                                                                                                                        MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.2051062600.00000000045E8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                        Start time:07:38:08
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSI591B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4151609 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                                                                                                                                                                                                                                        Imagebase:0x160000
                                                                                                                                                                                                                                        File size:61'440 bytes
                                                                                                                                                                                                                                        MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2111523595.0000000004594000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000003.2063906251.00000000042FF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2111523595.00000000044F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                        Start time:07:38:14
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSI6D01.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4157171 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                                                                                                                                                                                                                                        Imagebase:0x160000
                                                                                                                                                                                                                                        File size:61'440 bytes
                                                                                                                                                                                                                                        MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000006.00000003.2119683395.0000000004AAE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                                        Start time:07:38:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding DF45D645E6A346EE279CFE96252995FD E Global\MSI0000
                                                                                                                                                                                                                                        Imagebase:0x4e0000
                                                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                        Start time:07:38:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"NET" STOP AteraAgent
                                                                                                                                                                                                                                        Imagebase:0xc70000
                                                                                                                                                                                                                                        File size:47'104 bytes
                                                                                                                                                                                                                                        MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                        Start time:07:38:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                        Start time:07:38:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\net1 STOP AteraAgent
                                                                                                                                                                                                                                        Imagebase:0x2e0000
                                                                                                                                                                                                                                        File size:139'776 bytes
                                                                                                                                                                                                                                        MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                        Start time:07:38:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"TaskKill.exe" /f /im AteraAgent.exe
                                                                                                                                                                                                                                        Imagebase:0xdd0000
                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                        Start time:07:38:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                        Start time:07:38:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="gratefullytatum@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MveCAIAZ" /AgentId="efdd2c58-d53a-48e0-bd64-b73430c78939"
                                                                                                                                                                                                                                        Imagebase:0x235396d0000
                                                                                                                                                                                                                                        File size:145'968 bytes
                                                                                                                                                                                                                                        MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000000.2136092382.00000235396D2000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181724981.000002353B619000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2182517157.0000023553CE7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2183216765.0000023553F9A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2182517157.0000023553C10000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181724981.000002353B6CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2178484180.0000023539940000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181724981.000002353B604000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2183193819.0000023553E70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2178484180.00000235398E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181724981.000002353B60A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181724981.000002353B682000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181608102.0000023539BC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2178484180.00000235398E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181724981.000002353B602000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181724981.000002353B5DC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2184021272.00007FF848B14000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181724981.000002353B5D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2178484180.0000023539926000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2178484180.0000023539920000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2178484180.000002353996E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2181724981.000002353B551000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 21%, ReversingLabs
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                                                        Start time:07:38:19
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                                                                                                                                                                                                        Imagebase:0x1cc87460000
                                                                                                                                                                                                                                        File size:145'968 bytes
                                                                                                                                                                                                                                        MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC88112000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2702495501.000001CC87510000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC88114000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2702700714.000001CC8759F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC87D71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC883AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC882AD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC8828D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC87FE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2702700714.000001CC87617000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2702700714.000001CC875CC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2702700714.000001CC87590000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC87FA6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC87FE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC87DF4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2738524015.000001CCA0A4C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2733842227.000001CCA0440000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC87E82000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2745482614.000001CCA0B00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC88235000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2738524015.000001CCA0A11000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2755186667.000001CCA0FA4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2700970508.00000051B2725000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2738524015.000001CCA09B8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2702700714.000001CC8764B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC882A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2754258230.000001CCA0F36000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2704442136.000001CC87890000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC87DC7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2738524015.000001CCA0A87000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2755090717.000001CCA0F7B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC87F0A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC87FFA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2738524015.000001CCA09D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2733842227.000001CCA0499000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2705213274.000001CC88030000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                                                        Start time:07:38:20
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                                                                                                                                                                                                        Imagebase:0x7ff636570000
                                                                                                                                                                                                                                        File size:72'192 bytes
                                                                                                                                                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                                                        Start time:07:38:20
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                                                                        Start time:07:38:20
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:rundll32.exe "C:\Windows\Installer\MSI8958.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4163937 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                                                                                                                                                                                                                                        Imagebase:0x160000
                                                                                                                                                                                                                                        File size:61'440 bytes
                                                                                                                                                                                                                                        MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000003.2187127976.0000000004AB3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000002.2236683009.0000000004BC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000002.2236683009.0000000004C64000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                                                        Start time:07:38:38
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4a6f545b-aae0-4508-bfae-1a58ed989cb7" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x238c2270000
                                                                                                                                                                                                                                        File size:177'712 bytes
                                                                                                                                                                                                                                        MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2388938556.00000238C23A1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000000.2360050618.00000238C2272000.00000002.00000001.01000000.00000016.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2388938556.00000238C2385000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2388938556.00000238C23A7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2388938556.00000238C2443000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2389752253.00000238C26C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2388938556.00000238C236C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2389956341.00000238C2C53000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2389816421.00000238C26F2000.00000002.00000001.01000000.00000018.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2389956341.00000238C2BE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2388938556.00000238C23EA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2389956341.00000238C2C63000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2388938556.00000238C2360000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                                                        Start time:07:38:38
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                                                        Start time:07:38:42
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "4742ab29-7a91-4005-8b85-9d822d2d207b" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x231e7ed0000
                                                                                                                                                                                                                                        File size:177'712 bytes
                                                                                                                                                                                                                                        MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2407632546.0000023180073000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2407632546.0000023180001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2408655960.00000231E8240000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2408053911.00000231E80A9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2408053911.00000231E8124000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2407632546.0000023180083000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2408053911.00000231E80DB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2408053911.00000231E80A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                                                        Start time:07:38:42
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:23
                                                                                                                                                                                                                                        Start time:07:38:42
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                                                                                                                                                                                                        Imagebase:0x22f5c680000
                                                                                                                                                                                                                                        File size:145'968 bytes
                                                                                                                                                                                                                                        MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2956708927.0000022F5CAE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D28A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.3297945299.0000022F75D68000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D03B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2944517637.0000022F5C800000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D0C2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D75D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D858000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D90A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.3297945299.0000022F75D96000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D64B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D5DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D9AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D629000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D7D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D94F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D7EF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D878000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D41F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D2E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D3FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.3297945299.0000022F75CE6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D2C9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D754000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D28C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D987000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D99E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D791000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.3297945299.0000022F75D39000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2943884457.0000022F5C730000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.3297945299.0000022F75D4B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2944517637.0000022F5C83D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2944517637.0000022F5C886000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D5F6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D8FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2931616433.000000ED882F5000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5CFD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.3297945299.0000022F75D1D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D72B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D499000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D316000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D91F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D4D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.3280065409.0000022F75934000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.3280065409.0000022F759CB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5DA5F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.3297945299.0000022F75CB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D403000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000017.00000002.2959874922.0000022F5D526000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                                                                        Start time:07:38:43
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                                                                                                                                                                                                        Imagebase:0x7ff636570000
                                                                                                                                                                                                                                        File size:72'192 bytes
                                                                                                                                                                                                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                                                                        Start time:07:38:43
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:26
                                                                                                                                                                                                                                        Start time:07:38:43
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x27c315c0000
                                                                                                                                                                                                                                        File size:177'712 bytes
                                                                                                                                                                                                                                        MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C3213D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C320CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2649064091.0000027C316BE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C320D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2669003421.0000027C4A7FB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2649064091.0000027C316C8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2649064091.0000027C31680000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C31F11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C31FA4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2649064091.0000027C31707000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C32139000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2671086615.0000027C4A9D3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C32073000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2668787157.0000027C4A7DC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2669458596.0000027C4A930000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C31F87000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C3210C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651068075.0000027C318A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001A.00000002.2651999473.0000027C321A6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                                                        Start time:07:38:43
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                                                        Start time:07:38:44
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                                                                                                                                                                                        Imagebase:0x7ff717ba0000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.2560008247.00000206C82DB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000003.2423324134.00000206C82F8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.2560008247.00000206C82F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000003.2422064037.00000206C8430000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.2560487111.00000206C8410000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001C.00000002.2560008247.00000206C82D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:29
                                                                                                                                                                                                                                        Start time:07:38:44
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:30
                                                                                                                                                                                                                                        Start time:07:38:44
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cscript.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                                                                                                                                                                                        Imagebase:0x7ff6698b0000
                                                                                                                                                                                                                                        File size:161'280 bytes
                                                                                                                                                                                                                                        MD5 hash:24590BF74BBBBFD7D7AC070F4E3C44FD
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001E.00000002.2557028461.000001ACEF6A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:31
                                                                                                                                                                                                                                        Start time:07:38:45
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "81622bfe-fdc1-4fd4-b863-087ece04432b" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x15fbfb90000
                                                                                                                                                                                                                                        File size:74'288 bytes
                                                                                                                                                                                                                                        MD5 hash:749C51599FBF82422791E0DF1C1E841C
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3358663032.0000015FC059D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000000.2431897307.0000015FBFB92000.00000002.00000001.01000000.0000001A.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3351854155.0000015FBFD3C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3351561531.0000015FBFD10000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3375067155.0000015FD8E60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3344124011.0000004FA66F1000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3351854155.0000015FBFDBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3351854155.0000015FBFD30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3358663032.0000015FC0498000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3358663032.0000015FC0421000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3351854155.0000015FBFD72000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                                                        Start time:07:38:45
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\sppsvc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\sppsvc.exe
                                                                                                                                                                                                                                        Imagebase:0x7ff632ac0000
                                                                                                                                                                                                                                        File size:4'630'384 bytes
                                                                                                                                                                                                                                        MD5 hash:320823F03672CEB82CC3A169989ABD12
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                                                        Start time:07:38:45
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                                                        Start time:07:38:47
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x1617cb60000
                                                                                                                                                                                                                                        File size:398'384 bytes
                                                                                                                                                                                                                                        MD5 hash:5E3252E0248B484E76FCDBF8B42A645D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2456780674.0000016100086000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2456780674.0000016100079000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2463850544.000001617CD30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2456000442.0000005DCC3D1000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000000.2451905347.000001617CB62000.00000002.00000001.01000000.0000001B.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2473005002.000001617CF30000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2463850544.000001617CD3C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2463850544.000001617CDBF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2456780674.0000016100001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2473335325.000001617D3C2000.00000002.00000001.01000000.0000001C.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000022.00000002.2463850544.000001617CD73000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:35
                                                                                                                                                                                                                                        Start time:07:38:47
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:36
                                                                                                                                                                                                                                        Start time:07:38:48
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c61212b5-ba91-4c65-bc4f-c4676c20bb42" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x25eb2030000
                                                                                                                                                                                                                                        File size:177'712 bytes
                                                                                                                                                                                                                                        MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2BBD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2675610765.0000025ECB559000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2649907445.0000025EB21AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2AF3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2C28000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2672986789.0000025ECB457000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2649907445.0000025EB21F4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2A23000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2BBA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2B51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2649418067.0000025EB2170000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2B8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2649907445.0000025EB21B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2670053251.0000025ECB378000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2991000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2666249386.0000025ECB280000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2649907445.0000025EB218B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB29A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2B8C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2651755091.0000025EB2520000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2B4C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2652301372.0000025EB2C6F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:37
                                                                                                                                                                                                                                        Start time:07:38:48
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:38
                                                                                                                                                                                                                                        Start time:07:38:49
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                                                                                                                                                                                        Imagebase:0x7ff717ba0000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2549200371.00000215DC870000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2548793565.00000215DC650000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2548793565.00000215DC65B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000003.2470481991.00000215DC890000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2548793565.00000215DC673000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:39
                                                                                                                                                                                                                                        Start time:07:38:49
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                                                        Start time:07:38:49
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cscript.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                                                                                                                                                                                        Imagebase:0x7ff6698b0000
                                                                                                                                                                                                                                        File size:161'280 bytes
                                                                                                                                                                                                                                        MD5 hash:24590BF74BBBBFD7D7AC070F4E3C44FD
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2546126278.0000024FB2410000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:42
                                                                                                                                                                                                                                        Start time:07:38:58
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k smphost
                                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:43
                                                                                                                                                                                                                                        Start time:07:39:02
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "ccc9e31c-ab21-4891-b7ee-8c3371f201f4" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x2ad89c40000
                                                                                                                                                                                                                                        File size:398'384 bytes
                                                                                                                                                                                                                                        MD5 hash:5E3252E0248B484E76FCDBF8B42A645D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2645670429.000002AD89D30000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2645830459.000002AD89E60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2645830459.000002AD89EA4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2666445512.000002ADA3CF5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2666358319.000002ADA3AF7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2647176737.000002AD8AB13000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2695647531.00007FF89F7E9000.00000004.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2645830459.000002AD89E9C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2645830459.000002AD89E69000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2645702362.000002AD89E10000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2666712360.000002ADA3D06000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2658023197.000002ADA2E8B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2647176737.000002AD8A64E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2645830459.000002AD89EE4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2658023197.000002ADA2E70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002B.00000002.2647176737.000002AD8A561000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:44
                                                                                                                                                                                                                                        Start time:07:39:02
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:45
                                                                                                                                                                                                                                        Start time:07:39:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6d3932b7-d595-4ec1-ba45-8ee0e9e068b8" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x1d187200000
                                                                                                                                                                                                                                        File size:177'712 bytes
                                                                                                                                                                                                                                        MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2953858003.000001D187376000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2953858003.000001D1872F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.3126006908.000001D1A075A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2971540416.000001D187680000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2953858003.000001D187333000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2973160106.000001D187CE3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.3076587822.000001D1A0490000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2973160106.000001D187C71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2953858003.000001D18732B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2973160106.000001D188256000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2973160106.000001D187CF3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2953858003.000001D1873B1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.3090524066.000001D1A0579000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2973160106.000001D188259000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2973160106.000001D187CB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2973160106.000001D18820E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2973160106.000001D187E46000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:46
                                                                                                                                                                                                                                        Start time:07:39:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:47
                                                                                                                                                                                                                                        Start time:07:39:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "6dc6b569-88f8-4c0b-ba4d-f407efaa2a09" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x1934ea80000
                                                                                                                                                                                                                                        File size:398'384 bytes
                                                                                                                                                                                                                                        MD5 hash:5E3252E0248B484E76FCDBF8B42A645D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.3096669764.0000019368BE5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934FB6B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934FBEF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934FBBA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.3330043667.00007FF89F7F0000.00000004.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2941952671.000001934EF00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2931583067.000001934EBEF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.3097924695.0000019368BF9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934F796000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.3105681849.0000019368DD7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934F9A4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2931583067.000001934EC21000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934F785000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934FBF5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934FA8C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.3068460618.0000019367D20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.3105681849.0000019368D1D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934F5E9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.3095971394.0000019368BE2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934F501000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2931583067.000001934EBBB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934F939000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934F893000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2931583067.000001934EBDA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934FBAC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.3095519048.00000193689D7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2931583067.000001934EBA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2931341396.000001934EB70000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934F78F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2945207478.000001934FAE9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:48
                                                                                                                                                                                                                                        Start time:07:39:15
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:49
                                                                                                                                                                                                                                        Start time:07:39:16
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                                                                                                                                                                                        Imagebase:0x7ff717ba0000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2900241749.00000249ECB9B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2900241749.00000249ECB90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2900363771.00000249ECD60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2900241749.00000249ECBB3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000003.2742717448.00000249ECD80000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:50
                                                                                                                                                                                                                                        Start time:07:39:16
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:51
                                                                                                                                                                                                                                        Start time:07:39:16
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cscript.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                                                                                                                                                                                        Imagebase:0x7ff6698b0000
                                                                                                                                                                                                                                        File size:161'280 bytes
                                                                                                                                                                                                                                        MD5 hash:24590BF74BBBBFD7D7AC070F4E3C44FD
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2896722646.00000160D6720000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:52
                                                                                                                                                                                                                                        Start time:07:39:17
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "c293db25-a44a-4495-86a5-1d156f7b88b1" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x24faac20000
                                                                                                                                                                                                                                        File size:55'344 bytes
                                                                                                                                                                                                                                        MD5 hash:D11B2139D29E79D795054C3866898B7F
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3045785665.000000A9B58F3000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3221733262.0000024FC3DC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3226195005.0000024FC3E4F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3055734336.0000024FAAD08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3053700556.0000024FAACC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3055734336.0000024FAAD4D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3055734336.0000024FAACE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3226195005.0000024FC3DFA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3080226832.0000024FAAF25000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3224524531.0000024FC3DEA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000000.2748557710.0000024FAAC22000.00000002.00000001.01000000.00000026.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3081813602.0000024FAB060000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3055734336.0000024FAAD01000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3084404253.0000024FAB7FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3084404253.0000024FAB581000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000034.00000002.3084404253.0000024FAB6F3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:53
                                                                                                                                                                                                                                        Start time:07:39:17
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:54
                                                                                                                                                                                                                                        Start time:07:39:18
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "1a38e639-d8b2-4578-a9b2-1e798ca9efea" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x1c1bba70000
                                                                                                                                                                                                                                        File size:33'320 bytes
                                                                                                                                                                                                                                        MD5 hash:F531D3157E9FF57EEA92DB36C40E283E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000000.2762227421.000001C1BBA72000.00000002.00000001.01000000.00000028.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:55
                                                                                                                                                                                                                                        Start time:07:39:18
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:56
                                                                                                                                                                                                                                        Start time:07:39:20
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "d3c5afbf-763e-48ba-a818-4ee2d8365577" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x1fadc890000
                                                                                                                                                                                                                                        File size:56'872 bytes
                                                                                                                                                                                                                                        MD5 hash:A739B889642CA9CE4AD3A37A3C521604
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2906772864.000001FADC910000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2923848146.000001FADCD02000.00000002.00000001.01000000.00000037.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.3013835936.000001FAF5B38000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD57E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2906772864.000001FADC92B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD598000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD7AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.3022026368.000001FAF5D44000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD476000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD442000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD6FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD85E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2906772864.000001FADC999000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2906772864.000001FADCA01000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000000.2780901484.000001FADC892000.00000002.00000001.01000000.00000029.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.3005820443.000001FAF5AC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD87D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD733000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2922925223.000001FADCC00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2906772864.000001FADC918000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD45E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.3022026368.000001FAF5D10000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD868000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2906772864.000001FADC958000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD482000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2906772864.000001FADC94D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2929220861.000001FADD63F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:57
                                                                                                                                                                                                                                        Start time:07:39:20
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:58
                                                                                                                                                                                                                                        Start time:07:39:21
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "175cc305-cc6c-4927-a3b6-18d54ad920b0" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x2386e7b0000
                                                                                                                                                                                                                                        File size:219'696 bytes
                                                                                                                                                                                                                                        MD5 hash:01807774F043028EC29982A62FA75941
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2860563478.0000023800233000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2860563478.000002380022B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2894242771.000002386E9BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2894242771.000002386E8F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2905892729.000002386FAB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2894242771.000002386E93A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2860563478.000002380016C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2905892729.000002386FA20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2860563478.0000023800001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2894242771.000002386E97B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2894242771.000002386E930000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000000.2793424325.000002386E7B2000.00000002.00000001.01000000.0000002A.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2860563478.0000023800235000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2860563478.000002380001E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2894242771.000002386E8FC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2860563478.0000023800231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2904685000.000002386EC50000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003A.00000002.2860563478.0000023800020000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:59
                                                                                                                                                                                                                                        Start time:07:39:22
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun
                                                                                                                                                                                                                                        Imagebase:0x1d428850000
                                                                                                                                                                                                                                        File size:55'344 bytes
                                                                                                                                                                                                                                        MD5 hash:D11B2139D29E79D795054C3866898B7F
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3334484189.000001D441C3B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3214406393.000001D429413000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3096158574.000001D428BC7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3214406393.000001D429323000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3214406393.000001D42942B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3214406393.000001D4292A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3096158574.000001D428AD0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3334484189.000001D441C28000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3096158574.000001D428B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3096158574.000001D428B00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3059552885.000001D428A60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3096158574.000001D428AD9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003B.00000002.3096158574.000001D428B57000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:60
                                                                                                                                                                                                                                        Start time:07:39:22
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:61
                                                                                                                                                                                                                                        Start time:07:39:22
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "276ad274-97c6-4ad6-a5ad-71fef5b6c1d9" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x2a708480000
                                                                                                                                                                                                                                        File size:51'752 bytes
                                                                                                                                                                                                                                        MD5 hash:C0F02EAA3EB28659D8F1BCBA8DE48479
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000002.2857849444.000002A7087E2000.00000002.00000001.01000000.0000002D.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000002.2871454779.000002A7090EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000002.2826467148.000002A70869D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000000.2804868198.000002A708482000.00000002.00000001.01000000.0000002B.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000002.2826467148.000002A70861C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000002.2871454779.000002A709106000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000002.2826467148.000002A708651000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000002.2860247483.000002A708810000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000002.2826467148.000002A708610000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003D.00000002.2871454779.000002A709071000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:62
                                                                                                                                                                                                                                        Start time:07:39:22
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:63
                                                                                                                                                                                                                                        Start time:07:39:23
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" efdd2c58-d53a-48e0-bd64-b73430c78939 "3caeb474-f589-4b7e-af90-d040b4bb9be8" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000MveCAIAZ
                                                                                                                                                                                                                                        Imagebase:0x1f1983d0000
                                                                                                                                                                                                                                        File size:200'744 bytes
                                                                                                                                                                                                                                        MD5 hash:5F782D0CB0F717AE9DFD1B4DA1295F15
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F199013000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F19901D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2958093860.000001F198560000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000000.2809783648.000001F1983D2000.00000002.00000001.01000000.0000002C.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F19904F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F1993FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2958093860.000001F19856C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F198E01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2958093860.000001F1985A8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F198F9E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2958093860.000001F19862D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F1993ED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F198F94000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F19915B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2958093860.000001F1985A1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F199047000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.3127670531.000001F1B15D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2958093860.000001F1985ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2951780976.0000005B97CF6000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F198ED6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.3127670531.000001F1B1654000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2972647175.000001F198842000.00000002.00000001.01000000.00000039.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2971960519.000001F198820000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000003F.00000002.2983307499.000001F1990C2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:64
                                                                                                                                                                                                                                        Start time:07:39:23
                                                                                                                                                                                                                                        Start date:08/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Disassembly

                                                                                                                                                                                                                                        Reset < >

                                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                                          Function 06B91630 Relevance: 2.7, Strings: 2, Instructions: 155COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $eq$$eq
                                                                                                                                                                                                                                          • API String ID: 0-2246304398
                                                                                                                                                                                                                                          • Opcode ID: 302ffae4d218486462eed671ade1d6a130707df62d5ef3441345fcbd63116eaa
                                                                                                                                                                                                                                          • Instruction ID: 2315c3fa9c2f441e5fad5ae01c098854a360fce66509d081a2b1ac90a40b3538
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 302ffae4d218486462eed671ade1d6a130707df62d5ef3441345fcbd63116eaa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F251DFB5B002068FCF55DF7CD8406AEBBF6EB89250B1481BAE815D7364DA349D01DBA1
                                                                                                                                                                                                                                          Function 06B91080 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: 6cf7968b0d4601d50543344d0d4bd108341b5786ad71dd1b47e72f5695019e3a
                                                                                                                                                                                                                                          • Instruction ID: a6967ffd8d1b361dcffc95ca7efa4729c2b7e8cfdad7a1ac0cc753b22f979e72
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cf7968b0d4601d50543344d0d4bd108341b5786ad71dd1b47e72f5695019e3a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C871A475B102159FDF55AB79C85466E7AA7EFC8200F148079E906E73A4DE30DC42CBA0
                                                                                                                                                                                                                                          Function 06B90C1C Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: ee083d3db8122d67552d1c607bcb3a31e799b8e9596da6ce285c4875d71e9ee6
                                                                                                                                                                                                                                          • Instruction ID: e02810634a0d107b239b580d6402b6cb47c72ed6a7a272bde76a799eb942b4b5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ee083d3db8122d67552d1c607bcb3a31e799b8e9596da6ce285c4875d71e9ee6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D51E470B14215AFEB84EB78D8547AE7BB2EF89310F1484A9D406E7381CE795C46CBB0
                                                                                                                                                                                                                                          Function 06B90E8C Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: 36ce6e37e3a0d4239a97333c1d654b6fd38c96e59a3cfaec9967c41bb4777a71
                                                                                                                                                                                                                                          • Instruction ID: be33f12dc2c9728cc7a16d36d007134194be03219878dae2de84ed77356b9a25
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36ce6e37e3a0d4239a97333c1d654b6fd38c96e59a3cfaec9967c41bb4777a71
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A84135B1F101152BEF88AA7998A4B6E6B97DFC8710F10847DD906EB380CE359D0687F0
                                                                                                                                                                                                                                          Function 06B92644 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: 23ff2f5fd03d24692e31cef7c40cf547e7fee15239460e6c84c9a1fb7259ec2b
                                                                                                                                                                                                                                          • Instruction ID: 879c904734561c2a6485423531ae9f5c3a21f6369464c5c7b81a73add7df2ec1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23ff2f5fd03d24692e31cef7c40cf547e7fee15239460e6c84c9a1fb7259ec2b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A93146B2F283542BEFA5A639585437E2BDACF86714F0484BAD905C7382DD78CD4683B1
                                                                                                                                                                                                                                          Function 06B91378 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: e@u
                                                                                                                                                                                                                                          • API String ID: 0-2148719110
                                                                                                                                                                                                                                          • Opcode ID: 945cda030b2b575f1c3072d04a8e79ec9644e41564843c5e182b20fabfeb3050
                                                                                                                                                                                                                                          • Instruction ID: 3953c298057af8dd2e69af1e0ce7ae430d7f30bf02c90ec4466d1b73b3f171ac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 945cda030b2b575f1c3072d04a8e79ec9644e41564843c5e182b20fabfeb3050
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B2124B1D042098FDB20DFAAC884AEEFBF4FF89324F14802AD519A7250CB755945CFA5
                                                                                                                                                                                                                                          Function 06B91380 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: e@u
                                                                                                                                                                                                                                          • API String ID: 0-2148719110
                                                                                                                                                                                                                                          • Opcode ID: 63182944887c6ed383197735201ced163251849c294b595cbd30f3734e0a2c5a
                                                                                                                                                                                                                                          • Instruction ID: 92e35b7870d2146bfa6aede2724bc4f3d3d67a377dc270ca530a5178369fb625
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63182944887c6ed383197735201ced163251849c294b595cbd30f3734e0a2c5a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 471117B5D042098FDB20DFAAC881AEEFBF4FF88324F14842AD51967240CB756945CFA5
                                                                                                                                                                                                                                          Function 06B92764 Relevance: .4, Instructions: 393COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 14844ceac310aeb8b66d94ec3e7946eb085de65fab2bb79d76cfc9954180e43d
                                                                                                                                                                                                                                          • Instruction ID: e509cd2360028ca5a52eac55c4129d58dcf18c5dd16a8347d557d586d9eea304
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14844ceac310aeb8b66d94ec3e7946eb085de65fab2bb79d76cfc9954180e43d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AE012F6D162049F8B94DF79944159ABFF0AB55600B1142BEE81DD7311F6368A02CBA1
                                                                                                                                                                                                                                          Function 06B923B8 Relevance: .2, Instructions: 171COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a7410e9bd3564c7dadb8e461ef924c9fdfdee416231e180a60237aea34dd3a09
                                                                                                                                                                                                                                          • Instruction ID: ce963a41851c1dbdf2557775da8bcff3fb4ae33925d49d8e0fde3b7a2247940f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7410e9bd3564c7dadb8e461ef924c9fdfdee416231e180a60237aea34dd3a09
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07510371F212119FDB50CB68D890A6ABBB1EF44314F1581FAE618CB362DB31DD41CBA1
                                                                                                                                                                                                                                          Function 06B91F08 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 22dca658440a3005e19d183f6e1e9ea76049a1a0063a6c2161962b96e3b30189
                                                                                                                                                                                                                                          • Instruction ID: 9b83856964efdea263af11b229e2cfb78a3fada993dd396b96a445b320393b58
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22dca658440a3005e19d183f6e1e9ea76049a1a0063a6c2161962b96e3b30189
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 723166B3B0420A2FDF94AA697C6172F7B5ACBC0241F0444BAE5088F2A5DA349C01E7F1
                                                                                                                                                                                                                                          Function 06B92268 Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2408f43dafb81581591201d9aa1eb3f2258f8d8363afb1ae80e54060c8fc2c59
                                                                                                                                                                                                                                          • Instruction ID: 97d4967ce62a0335812af943fdb671e10f842c44a72f5f25a954ca7bdcadf41d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2408f43dafb81581591201d9aa1eb3f2258f8d8363afb1ae80e54060c8fc2c59
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2041F679B101149FCB94DF78D98099EBBB6FF88710B108169E905EB364DB31ED41CBA0
                                                                                                                                                                                                                                          Function 06B91050 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 44c1f3064154fdaee70494ed56e48efb22a25f9dabfa6521614af70bbd006d5b
                                                                                                                                                                                                                                          • Instruction ID: 286709ace88ce189d3c80fb43e5ad5a5b163eca25209526c373a328e7b144808
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44c1f3064154fdaee70494ed56e48efb22a25f9dabfa6521614af70bbd006d5b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9213AB2B10224ABEF50DA7C88606EE7BAADF85240F0484B6D506DB381DA31CD06C7B1
                                                                                                                                                                                                                                          Function 06B92664 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: efe3150bff99efeaf0f77b6fe1b93844d1a76aa68c4f62a3d3d028df2ea0c794
                                                                                                                                                                                                                                          • Instruction ID: bee6efc5f5238fe209b00c6b6e322a102cecf686b4deba068197be8a562ab2e3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: efe3150bff99efeaf0f77b6fe1b93844d1a76aa68c4f62a3d3d028df2ea0c794
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E41124B3E612197FEF80267968543EA3F98CF41361F1084B6EE1C9A251D938C98693F1
                                                                                                                                                                                                                                          Function 06B92258 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bc2cb07c21f461ea2ae0038798b6017db045dc00b06ad4c0c2c351b861a06d4f
                                                                                                                                                                                                                                          • Instruction ID: c9c197ea5d7d51d1451576e63de2381784ec3b25d9b2d76e2a9c63b6f080b0a1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc2cb07c21f461ea2ae0038798b6017db045dc00b06ad4c0c2c351b861a06d4f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A11D8B5E101149FCB94DF79D88499EBBB1EF4C710F108169E915AB360EB319942CBA0
                                                                                                                                                                                                                                          Function 06B91958 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6df7abac75646e070b5bd495251ae6e72f6541841d1b39b56d0c79714591707c
                                                                                                                                                                                                                                          • Instruction ID: af822b9b173009e9bfd8ccb19072178b057575efc559c9fc730eb4774b716c76
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6df7abac75646e070b5bd495251ae6e72f6541841d1b39b56d0c79714591707c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D118175A10114AFDB44DF64D458AAD7FB2EF8C311F108469E80AA7340CB756C85CFB0
                                                                                                                                                                                                                                          Function 06B91968 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 52a0b2195d7dd16f7509cfdcd2ee7b80c141e7bae9f803eb5ddb0609a1b41e6c
                                                                                                                                                                                                                                          • Instruction ID: ec61f75c313477f3e30a2114c37738fb343eeb7836fdac5427a87b7d4da4f418
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52a0b2195d7dd16f7509cfdcd2ee7b80c141e7bae9f803eb5ddb0609a1b41e6c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66114275610215AFDB44DF54D459AAD7BB6EF8C311F148429E809A7340CF796C85CFB0
                                                                                                                                                                                                                                          Function 06B91440 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ea199a7ff8b585cdd3c044a71085e18661c6b9da49844bc5b4f817a37c5c67f3
                                                                                                                                                                                                                                          • Instruction ID: 9310a0ea76c2cc07d947411eab57a38290c9df5519feba359520972718ba2cb6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea199a7ff8b585cdd3c044a71085e18661c6b9da49844bc5b4f817a37c5c67f3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A101FC71B163065FDF89AFBD553522A3F95DFC61147460DF9C505CF252E9249804CFA0
                                                                                                                                                                                                                                          Function 044BD01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2059839136.00000000044BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 044BD000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_44bd000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b8d560016baa77da75dda92ed831f40d22294815f4b9165dad3a7bfb4f02102a
                                                                                                                                                                                                                                          • Instruction ID: f91f4a4a019b73ef19026bfa8ce80bd9d20d1729d3bd7b7186691d6445bca727
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8d560016baa77da75dda92ed831f40d22294815f4b9165dad3a7bfb4f02102a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8601FCB19047049ADB214E25DDC47A7BF98DF41338F18C59BEC880A246D375A841D6F1
                                                                                                                                                                                                                                          Function 044BD006 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000002.2059839136.00000000044BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 044BD000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_44bd000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 11bff1aba1602cb065bcc2704f487f6580b61b01dc956e73d9f2096c74966d12
                                                                                                                                                                                                                                          • Instruction ID: d49442f7dffd431d644a0bd8f42031b28776105a7c2c9ed09e092cb842fc9862
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11bff1aba1602cb065bcc2704f487f6580b61b01dc956e73d9f2096c74966d12
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B301927140D3C05FD7128B259994752BFB4DF43224F1881DBEC888F297C2695849C7B2
                                                                                                                                                                                                                                          Function 06B9182A Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c33d307164da128db05a588df59efbf4cd31a34e2bd264be7b18657fc7dbf827
                                                                                                                                                                                                                                          • Instruction ID: 15d5305d399a9c85e424d189c3e9c697645ae67350bb11b7d794b4f79480da23
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c33d307164da128db05a588df59efbf4cd31a34e2bd264be7b18657fc7dbf827
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9601ADB1F1050597EF98AA6C88947AF7AB69BC8700F1085BDD112B7380CE754C01A7E1
                                                                                                                                                                                                                                          Function 06B92A98 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9152393ec7e6b87ae10562347f34d9426852393cde581fae94a48f6fd3ee660d
                                                                                                                                                                                                                                          • Instruction ID: 6500fd44bec956f71ca54150a380e76b87ab335ea095f428abe6fb4260e048aa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9152393ec7e6b87ae10562347f34d9426852393cde581fae94a48f6fd3ee660d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDF0E9F7F1521027DBB49A16A8C4BBB6B9ADBD4710F0440B9E90887351DA348E02C6B1
                                                                                                                                                                                                                                          Function 06B925D1 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 78a114999bb0ed7e9464d20a9c6fc552f864ca794e7dfef304d23cd0f3a7ce33
                                                                                                                                                                                                                                          • Instruction ID: 68a12a903fc8559dcb1cf717a608abfb2554160f27afc18a72a9d84b88f0bb1d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78a114999bb0ed7e9464d20a9c6fc552f864ca794e7dfef304d23cd0f3a7ce33
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1F0B43AB141944BCB099678E4582EE7BB29BC9210F14816EE807A7380EF351D5DC790
                                                                                                                                                                                                                                          Function 06B91431 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 20302919e79919bdfd3f7661c295d4d435ceec59a4e67413fa2858531b8696ce
                                                                                                                                                                                                                                          • Instruction ID: b0ccfe9b9f2f7848c5f1799ece98eb1e411d2c3e4a6929ca133bc9f70079b0c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20302919e79919bdfd3f7661c295d4d435ceec59a4e67413fa2858531b8696ce
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96F0BBB5B151075EDF89EFBD612531A3F95EFC51147460DBDC506CF261E9204940CFA0
                                                                                                                                                                                                                                          Function 06B92654 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8677a4b6c7006470963f51b467fb68befbdc409503922ca726b0c7c6b642b22f
                                                                                                                                                                                                                                          • Instruction ID: 61bfe3bec66723e491701bc88e021c8bc0819caee78c093f8a44a9a8f793ab08
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8677a4b6c7006470963f51b467fb68befbdc409503922ca726b0c7c6b642b22f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42E06DB1F3521826EFE82568591076626DA8B42708F001CB9C54187A82D8E4EA4803F1
                                                                                                                                                                                                                                          Function 06B925E0 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 54b4f2f27530cdd4ab7ace2546f4158dd373ff53ee318e4a3c8afa750453a3cd
                                                                                                                                                                                                                                          • Instruction ID: e9e2061de3e257c8ae14bca8b2ea02321766481fadd1c6c5f33b3e9df6f98213
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54b4f2f27530cdd4ab7ace2546f4158dd373ff53ee318e4a3c8afa750453a3cd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BE0E536F201144BCB489678E4185EEB7B6DBC8210F508036E812A3350EF342D49CBA0
                                                                                                                                                                                                                                          Function 06B92A58 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 25b7a02ef128cda1ae308ab633bfcf2f4e4d1a2b3feb866b7970b57d8cffd96c
                                                                                                                                                                                                                                          • Instruction ID: 66a4fa7b6c9f0a174a35c96ba507e363ca27daff179fb8a467f164523d324751
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25b7a02ef128cda1ae308ab633bfcf2f4e4d1a2b3feb866b7970b57d8cffd96c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1E012B5D14209AF8B84EFB9850155ABBF4BB48204B1085FDD80DD7211F7329602CFD1
                                                                                                                                                                                                                                          Function 06B90C0C Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1dc948fb0a28849d149dfc9a941773d7770ece991206f8e158164a09fda65f8e
                                                                                                                                                                                                                                          • Instruction ID: 86d9bf90305ea7ebbabc11b382199a121add64eda9ae9e78faaada0d75ee3ad1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1dc948fb0a28849d149dfc9a941773d7770ece991206f8e158164a09fda65f8e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24D0A7723201186B5785A658DC8586A7BADEB853613508837FD0183310CD606C1097F5
                                                                                                                                                                                                                                          Function 06B92590 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: df95620f97ec09739a9a60d4ed4589d5dc5404a936ee4b1c29918bd5d2ae4e9b
                                                                                                                                                                                                                                          • Instruction ID: b1176d8b4cf7e5ce812873c52ef6eb2696fa837abccacd11e10894f4d73d9db3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df95620f97ec09739a9a60d4ed4589d5dc5404a936ee4b1c29918bd5d2ae4e9b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8D05BF261920047E70697B5FC552D93B51CF547007828D57A565CF267EF20ACCB87C1
                                                                                                                                                                                                                                          Function 06B917F0 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2f46a51d84f58556592af1fcee6f1638bf48d34e748eb94f0e4858d3e1d38bd5
                                                                                                                                                                                                                                          • Instruction ID: b2412be2f8e2ba83770c4d3e95bf2e424b17167dc9ea1609e1c7a219048d8c7f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f46a51d84f58556592af1fcee6f1638bf48d34e748eb94f0e4858d3e1d38bd5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0D02E773282400FDB44A364E84412A3F62D316321710412BF891822E4CE2145A1C341
                                                                                                                                                                                                                                          Function 06B90440 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000004.00000003.2058946582.0000000006B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_3_6b90000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2bd98cabdccca72c2f35dfe047af02d5d5d7df643262ca1335f22cdb4c0bfcb3
                                                                                                                                                                                                                                          • Instruction ID: 25fe530461cce2d4b3f6fbfc0bc9378547ee80042fc891ff71162b8022bd9c10
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2bd98cabdccca72c2f35dfe047af02d5d5d7df643262ca1335f22cdb4c0bfcb3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04C08CB3F20A008BD604870804486E933E0EFB020AB8582AAC0444942452220027C830

                                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                                          Function 044671D0 Relevance: 9.9, Strings: 7, Instructions: 1112COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109914954.0000000004460000.00000040.00000800.00020000.00000000.sdmp, Offset: 04460000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4460000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: Pleq$Pleq$Pleq$Pleq$Pleq$x jq$|kp
                                                                                                                                                                                                                                          • API String ID: 0-2031262295
                                                                                                                                                                                                                                          • Opcode ID: f37a3d125eac67e87d8f0ac1af2eb9988411b514b61c0c3c5a0ab0d4149dcf80
                                                                                                                                                                                                                                          • Instruction ID: eb34404a8726a71e1241e05a982fa819d6d34dd7715604719be2e8ede30a862a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f37a3d125eac67e87d8f0ac1af2eb9988411b514b61c0c3c5a0ab0d4149dcf80
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82927E757006058FDB15DF68C584A6ABBF2FF88304F2584AAE4469B362DB74FC42CB91
                                                                                                                                                                                                                                          Function 04460040 Relevance: 1.7, Strings: 1, Instructions: 471COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109914954.0000000004460000.00000040.00000800.00020000.00000000.sdmp, Offset: 04460000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4460000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: \;eq
                                                                                                                                                                                                                                          • API String ID: 0-3072965439
                                                                                                                                                                                                                                          • Opcode ID: 86845da7d69a18d118aba39db06ed561d8315d74fc5bdc821d712e00a9f1cb31
                                                                                                                                                                                                                                          • Instruction ID: 955557d09e14046132da211d6fe9d5b21dc88a0934c56dbcfe865ebdba5e70af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 86845da7d69a18d118aba39db06ed561d8315d74fc5bdc821d712e00a9f1cb31
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38225D30E1021ACFDB14EF74C94469DB7B2FF85304F1186AAD846BB351EB74A989CB51
                                                                                                                                                                                                                                          Function 04387448 Relevance: 20.9, Strings: 16, Instructions: 922COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: gq$$&fq$(_eq$4'eq$4'eq$4'eq$4'eq$4ceq$4ceq$@beq$|-fq$$eq$$eq$ceq$ceq$gq
                                                                                                                                                                                                                                          • API String ID: 0-2291734879
                                                                                                                                                                                                                                          • Opcode ID: 6f48333a27ba1b4904abf223a34d58439ef7de06ed2fd27e4e8ec65bb2cde425
                                                                                                                                                                                                                                          • Instruction ID: 1b3ecab9212632fa43d122ac8cc94f29b37d90dc40a98e85ff451a28b52c0004
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f48333a27ba1b4904abf223a34d58439ef7de06ed2fd27e4e8ec65bb2cde425
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3AA20CB5900218DFDB269FA0C855ADE7BB2FF89300F2044E9D509AB291DF359E85DF81
                                                                                                                                                                                                                                          Function 043874C0 Relevance: 20.9, Strings: 16, Instructions: 867COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: gq$$&fq$(_eq$4'eq$4'eq$4'eq$4'eq$4ceq$4ceq$@beq$|-fq$$eq$$eq$ceq$ceq$gq
                                                                                                                                                                                                                                          • API String ID: 0-2291734879
                                                                                                                                                                                                                                          • Opcode ID: 521f5c3c7a8dc7ba565846cffab635154ec64250c505082960405209fa5d9f3c
                                                                                                                                                                                                                                          • Instruction ID: acd18850cd807a5bce72694474bcba0fc8fa89dd242ad0b0dda36178854f5418
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 521f5c3c7a8dc7ba565846cffab635154ec64250c505082960405209fa5d9f3c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C92DBB5900218DFDB259FA0C855AEEBBB2FF89300F2045E9D5096B291DF359E81DF81
                                                                                                                                                                                                                                          Function 043885C0 Relevance: 6.7, Strings: 5, Instructions: 428COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$.JsonTextReader+<MatchValueAsync>d__19$Json.JsonTextReader+<ParseNumberNaNAsync>d__26$d$lCharAsync>d__34
                                                                                                                                                                                                                                          • API String ID: 0-2589273654
                                                                                                                                                                                                                                          • Opcode ID: f375c4ec18289fe2d19779ea4705b9aa56731646e14f9db7f57fafa75d20f580
                                                                                                                                                                                                                                          • Instruction ID: 213ce968d75704f127c0bc0e28bd3e09d41ebe92f9b1904cfd207c35dd50163b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f375c4ec18289fe2d19779ea4705b9aa56731646e14f9db7f57fafa75d20f580
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2F16874A006058FDB24EF59C480A6AFBF2FF88314B65DA69D45A9B361D730FC46CB90
                                                                                                                                                                                                                                          Function 0438B688 Relevance: 6.5, Strings: 5, Instructions: 218COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$\;eq$l;p$?p$|dq
                                                                                                                                                                                                                                          • API String ID: 0-65667100
                                                                                                                                                                                                                                          • Opcode ID: 80ce7b3b2e293806da1dbee3e75bdb7907661626869c10f7f656e0f25aa05dc4
                                                                                                                                                                                                                                          • Instruction ID: 73e3f7b66bd5ff00e4286eda82682da076364c39692d215e9adc245b8ed93965
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80ce7b3b2e293806da1dbee3e75bdb7907661626869c10f7f656e0f25aa05dc4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B161E9B5B0461B4BD714AA7A985097FF7ABBFC4744B20902EE801D7394EE34FC0297A1
                                                                                                                                                                                                                                          Function 0438B9F8 Relevance: 5.3, Strings: 4, Instructions: 267COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$(iq$(iq$(iq
                                                                                                                                                                                                                                          • API String ID: 0-3520470913
                                                                                                                                                                                                                                          • Opcode ID: a203ea06b9c91597c84b7c5b912ed4197bfad079114abfe556d10161563e4712
                                                                                                                                                                                                                                          • Instruction ID: 506df62b6699d5d4ad3b406c04acea8000298c932016721fc9c2598a40af3d32
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a203ea06b9c91597c84b7c5b912ed4197bfad079114abfe556d10161563e4712
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE81B272B001158FDB05EFBDD45469EBBE6EF88710B1480AEE50ADB3A1DE34EE018795
                                                                                                                                                                                                                                          Function 0438F130 Relevance: 3.9, Strings: 3, Instructions: 130COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$,iq$,iq
                                                                                                                                                                                                                                          • API String ID: 0-3248664921
                                                                                                                                                                                                                                          • Opcode ID: 64046d54595334bc6c9ff6335dcca08933b301492bfac0d9e1788cbf22c65a35
                                                                                                                                                                                                                                          • Instruction ID: d0e2dfa617750c2978b013f47ca446ee1d340bf0b19c967a927e208a6a0ab68c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64046d54595334bc6c9ff6335dcca08933b301492bfac0d9e1788cbf22c65a35
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18414F787106058FCB19EF68C99496EB7B2FFC9301B2185A9D5169B365DB30EC02CB61
                                                                                                                                                                                                                                          Function 0438858F Relevance: 3.9, Strings: 3, Instructions: 118COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • .JsonTextReader+<MatchValueAsync>d__19, xrefs: 0438861D
                                                                                                                                                                                                                                          • Json.JsonTextReader+<ParseNumberNaNAsync>d__26, xrefs: 043886B1
                                                                                                                                                                                                                                          • (iq, xrefs: 043885D4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$.JsonTextReader+<MatchValueAsync>d__19$Json.JsonTextReader+<ParseNumberNaNAsync>d__26
                                                                                                                                                                                                                                          • API String ID: 0-367621252
                                                                                                                                                                                                                                          • Opcode ID: 87e7435fc7f6b2317fbd91b69525dee9776d428f59a5e70d71ccd1383a6e0c16
                                                                                                                                                                                                                                          • Instruction ID: 8bc42edced842fbf50212064043247597b5d7c07ebb9dea4622901671a9a9e12
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87e7435fc7f6b2317fbd91b69525dee9776d428f59a5e70d71ccd1383a6e0c16
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C418875A006058FDB18EF68C480A6AF7F2FF89314B599999E45AAB351CB34F842CB50
                                                                                                                                                                                                                                          Function 043885B0 Relevance: 3.9, Strings: 3, Instructions: 117COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • .JsonTextReader+<MatchValueAsync>d__19, xrefs: 0438861D
                                                                                                                                                                                                                                          • Json.JsonTextReader+<ParseNumberNaNAsync>d__26, xrefs: 043886B1
                                                                                                                                                                                                                                          • (iq, xrefs: 043885D4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$.JsonTextReader+<MatchValueAsync>d__19$Json.JsonTextReader+<ParseNumberNaNAsync>d__26
                                                                                                                                                                                                                                          • API String ID: 0-367621252
                                                                                                                                                                                                                                          • Opcode ID: c42bfb425d5bce809158db5d5d8a47340388a1d801f582bcda45b7d5e9701325
                                                                                                                                                                                                                                          • Instruction ID: c939a22afef973d034d1829cd0dd3d6aab008afcab525e7e1548e624f838f408
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c42bfb425d5bce809158db5d5d8a47340388a1d801f582bcda45b7d5e9701325
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED41AB74A006058FEB18EF59C480A6AF7F2FF89320B5599ADD45AAB350CB30F841CF90
                                                                                                                                                                                                                                          Function 04386C20 Relevance: 2.9, Strings: 2, Instructions: 379COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$|7p
                                                                                                                                                                                                                                          • API String ID: 0-3995767703
                                                                                                                                                                                                                                          • Opcode ID: 5fa3a185b629a4f26dcb4930d1b767f57fe0d2d103325f1280e12c77b193e22e
                                                                                                                                                                                                                                          • Instruction ID: 87c0b2120dbdae34e5647e88580411b779df5f6efa0209122d8ce14c3d1ee3ca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fa3a185b629a4f26dcb4930d1b767f57fe0d2d103325f1280e12c77b193e22e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5D1E1B0B002158FD715AFB8C89456EBBE7FF89300B24986DE4469B396DB30ED41CB81
                                                                                                                                                                                                                                          Function 04381630 Relevance: 2.7, Strings: 2, Instructions: 156COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $eq$$eq
                                                                                                                                                                                                                                          • API String ID: 0-2246304398
                                                                                                                                                                                                                                          • Opcode ID: 0c66e466e33a76b745ddeadf745239fb003112ea382058857557a05b0bf9bb1f
                                                                                                                                                                                                                                          • Instruction ID: eaaf3902a316d4d1bb2cbb1a4be96340851062b42fee0bd78ce762c3b2bc0e19
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c66e466e33a76b745ddeadf745239fb003112ea382058857557a05b0bf9bb1f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7951BE75B013458FDF15EF78D8406AEBBB6EFC9350B14802EE815D7264DA30AD12C790
                                                                                                                                                                                                                                          Function 04384EC0 Relevance: 2.6, Strings: 2, Instructions: 143COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$4'eq
                                                                                                                                                                                                                                          • API String ID: 0-3704486645
                                                                                                                                                                                                                                          • Opcode ID: 7fec94c6ef46a9791929cedc822dd1b0ca959c7ce4c1992aa0fdc5f1c0ef9122
                                                                                                                                                                                                                                          • Instruction ID: be84f1db8ff20bc109d839822bfbc3e848ea08770bce98ca033bed6c9ae9fe61
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fec94c6ef46a9791929cedc822dd1b0ca959c7ce4c1992aa0fdc5f1c0ef9122
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC41BCB0B042558FCB05EF68C45066F7BA6AFD534472085AAD4098F386EF30EE06CBD5
                                                                                                                                                                                                                                          Function 043830EC Relevance: 2.6, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$LReq
                                                                                                                                                                                                                                          • API String ID: 0-545052733
                                                                                                                                                                                                                                          • Opcode ID: d51c50015f449fb025cd027f038da2b8938af01c56bfc5b147a558ac1de1ac1d
                                                                                                                                                                                                                                          • Instruction ID: fc0d717e1b61ff4f6d90174a771a4e9bcc37c2d8488475b972fa6bc1e79b8299
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d51c50015f449fb025cd027f038da2b8938af01c56bfc5b147a558ac1de1ac1d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4541D2B4B042145FEB09AA38985477F7BA7EFC4704F14846DE806C7395EE39ED458780
                                                                                                                                                                                                                                          Function 0438A228 Relevance: 2.6, Strings: 2, Instructions: 133COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$(iq
                                                                                                                                                                                                                                          • API String ID: 0-2590639791
                                                                                                                                                                                                                                          • Opcode ID: 8da35f77656afbe018789f4ea082d8e20276ab8cea514cac74ba84e017583960
                                                                                                                                                                                                                                          • Instruction ID: 145ffb1dc8d423f4b251b30aa968f6496cc23694f3abbfca66937a509f190431
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8da35f77656afbe018789f4ea082d8e20276ab8cea514cac74ba84e017583960
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F141B234B042449FDB15EB68C494B9EBBE2EF89710F24819AD805AB381CA75AD02CB90
                                                                                                                                                                                                                                          Function 0438EA88 Relevance: 2.6, Strings: 2, Instructions: 121COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$T;p
                                                                                                                                                                                                                                          • API String ID: 0-3223714253
                                                                                                                                                                                                                                          • Opcode ID: f925c05f5b93473ede6e347f3628f3510669251c23f5048f1d896197f3df2944
                                                                                                                                                                                                                                          • Instruction ID: d531060a02ff1858174232eacc1e17d1e039160e678637dde02be0c80ae83d98
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f925c05f5b93473ede6e347f3628f3510669251c23f5048f1d896197f3df2944
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E931F075B102058FDB09AA7DD8929AEBBA6EFC8610720446DE506CB390DF74EC028B91
                                                                                                                                                                                                                                          Function 043899B8 Relevance: 1.6, Strings: 1, Instructions: 336COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: 35934e7a6b6ae989eb82fbb654c73f7f0e23bd2e448e4f51f4a0982493bb11e6
                                                                                                                                                                                                                                          • Instruction ID: c32933e78f37c30836b9daed096f4b33394dd048d6f917b7051ce627b872c39b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35934e7a6b6ae989eb82fbb654c73f7f0e23bd2e448e4f51f4a0982493bb11e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82E13A74A003598FDB05DFA8C584AADBBF2FF89300F158199D809AB2A5DB74ED45CB90
                                                                                                                                                                                                                                          Function 0438E1F0 Relevance: 1.6, Strings: 1, Instructions: 326COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (Ajq
                                                                                                                                                                                                                                          • API String ID: 0-2374663613
                                                                                                                                                                                                                                          • Opcode ID: c5b3a02dde796584079b21903e7b043c3c7a06d89e3c02f15658fdb93abb7614
                                                                                                                                                                                                                                          • Instruction ID: dc9998543234c7557d4efc1fbc83760bb632509073255025f947ee787958cc73
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5b3a02dde796584079b21903e7b043c3c7a06d89e3c02f15658fdb93abb7614
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89C15D74B102159FDB15EFA9D995AAEBBB2EF84304F145029E406EB394EF74EC06CB40
                                                                                                                                                                                                                                          Function 04469FE0 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • KiUserExceptionDispatcher.NTDLL ref: 04469FF8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109914954.0000000004460000.00000040.00000800.00020000.00000000.sdmp, Offset: 04460000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4460000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 6842923-0
                                                                                                                                                                                                                                          • Opcode ID: 5e5f2de4068e7531f18eea9a84462448eabaa03def834927f562dfd53416df82
                                                                                                                                                                                                                                          • Instruction ID: d5447c089e7b9f148d343f7cbec8ab48c646e3cdcc4804a8038ae28583be01eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e5f2de4068e7531f18eea9a84462448eabaa03def834927f562dfd53416df82
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79112735A056049BDF20CE39E5407EDBBA1EB8B328F148126D51673390EB36BC59CB51
                                                                                                                                                                                                                                          Function 04469FD0 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • KiUserExceptionDispatcher.NTDLL ref: 04469FF8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109914954.0000000004460000.00000040.00000800.00020000.00000000.sdmp, Offset: 04460000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4460000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 6842923-0
                                                                                                                                                                                                                                          • Opcode ID: 85a516dae7949056729b3f21542fbf53b0bf6d94e3c69b66d1853a75a5727bfe
                                                                                                                                                                                                                                          • Instruction ID: e57bd24d23b36f33b51b85f08c7beb2d830eb836010cb283ee3309f1df2b06b2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85a516dae7949056729b3f21542fbf53b0bf6d94e3c69b66d1853a75a5727bfe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3113A31A05A459FDF20CE34D5807EE7BA1EF4B364F148116D90273290EB35B90ACB52
                                                                                                                                                                                                                                          Function 0438BE40 Relevance: 1.5, Strings: 1, Instructions: 273COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: Qzn^
                                                                                                                                                                                                                                          • API String ID: 0-1410660048
                                                                                                                                                                                                                                          • Opcode ID: 9829aa3a8c23bf6fab1d392594ff0740a6cc6ac4d18729100005d8e8a0d6af8f
                                                                                                                                                                                                                                          • Instruction ID: a7a7b6796aa4b898dac08850b4b390c2302afe832515ad5b8845a435ed8aedcf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9829aa3a8c23bf6fab1d392594ff0740a6cc6ac4d18729100005d8e8a0d6af8f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FEB16674B006018FDB15EF38D58496AFBF2FF88204B149969E9168B365DB34EC46CF91
                                                                                                                                                                                                                                          Function 04381080 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: 887e1aff8659aa842a80ede2dfc9da749ce7630876df3e1c7ecfce264d64739f
                                                                                                                                                                                                                                          • Instruction ID: 82ef881e990068cf0dbd15c38c8fdd5ca55644cd7c45477f1cce16b4435d3e4b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 887e1aff8659aa842a80ede2dfc9da749ce7630876df3e1c7ecfce264d64739f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5771D575B106149FDF09ABB9C85466EB7B7EFC8300F158029E906EB3A5DE74EC528740
                                                                                                                                                                                                                                          Function 043857B8 Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: ca9af1ef71a4625c56b3fed7a3d8f0d28065a5daac0b976040ebcb91b126a808
                                                                                                                                                                                                                                          • Instruction ID: 6ea3109b11caf8576f27f2459ed2b459fc2e3c9fb68cc59a855cd15da19155b1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca9af1ef71a4625c56b3fed7a3d8f0d28065a5daac0b976040ebcb91b126a808
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A51C4B195D3C14FD706CB39A8906947FA5DF97214B0A80EBC584CF1A3E63C988BC752
                                                                                                                                                                                                                                          Function 0438BE33 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: Qzn^
                                                                                                                                                                                                                                          • API String ID: 0-1410660048
                                                                                                                                                                                                                                          • Opcode ID: fce5946dd6fdc454ae2d08ba7445718f6e0659a622c99d7748ca5db69504841a
                                                                                                                                                                                                                                          • Instruction ID: 31c84bbc93c44e88ac472425581fb90a2b5924b50c49ff0fe146640ab999e1d1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fce5946dd6fdc454ae2d08ba7445718f6e0659a622c99d7748ca5db69504841a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5719A74B006018FDB05DF38D58496AFBF2FF88204B049A69E9568B356EB34EC46CF91
                                                                                                                                                                                                                                          Function 04386048 Relevance: 1.4, Strings: 1, Instructions: 187COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: 164d1bdc755c1dcd401855da72197ca93a7c2bd0dbc3d263b7e6ba9e4a1762c8
                                                                                                                                                                                                                                          • Instruction ID: 221ff0ca12cd96095a2f7d889be616e8d9003d44ee6f8a73ba55264a634782c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 164d1bdc755c1dcd401855da72197ca93a7c2bd0dbc3d263b7e6ba9e4a1762c8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B715C75A006089FEB06EBE4D8506AEBFB3FF88310F104469D216677A0DF39AD558B91
                                                                                                                                                                                                                                          Function 043868E0 Relevance: 1.4, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: 1fa1691b071bdcf7d3a609b05d77d1b356e7d4791bac9a0e4f5cc3035912ed01
                                                                                                                                                                                                                                          • Instruction ID: 9bf96fa14660b4be0b9112f3f43c825714755d2858f1ef948c918da2608eb315
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fa1691b071bdcf7d3a609b05d77d1b356e7d4791bac9a0e4f5cc3035912ed01
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67614B7AB002059FDB11DF59D8809AABBF6FF8D310B1480A9E919DB361DB31ED15CB90
                                                                                                                                                                                                                                          Function 0438E7D8 Relevance: 1.4, Strings: 1, Instructions: 181COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: L<p
                                                                                                                                                                                                                                          • API String ID: 0-3975772089
                                                                                                                                                                                                                                          • Opcode ID: 4198be7b5ed85889986bc06877945664d57d617a686dd65cc30a9b4b92b92c86
                                                                                                                                                                                                                                          • Instruction ID: 30c8ca81b824a18d0e4e9a56e13241223cf40d7a33bc353e8515421a5c9c4bcc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4198be7b5ed85889986bc06877945664d57d617a686dd65cc30a9b4b92b92c86
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC616E30B002058BDB18EF79E595A6EB7F6EF88714B24942DD416EB394DF78AC018B91
                                                                                                                                                                                                                                          Function 0438BE30 Relevance: 1.4, Strings: 1, Instructions: 171COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: Qzn^
                                                                                                                                                                                                                                          • API String ID: 0-1410660048
                                                                                                                                                                                                                                          • Opcode ID: 72cc5a203fa0c9e3d80fec6229b1964ea3031d4befd818455a21173666b1e234
                                                                                                                                                                                                                                          • Instruction ID: 93a69fd48de86f3f6549643ba0f8527e7ce7d0d40a8b1a243d1d77875ca67695
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72cc5a203fa0c9e3d80fec6229b1964ea3031d4befd818455a21173666b1e234
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E615974B006018FDB05DF38D59496AFBF2FF88204B149A69E9568B366EB34EC45CF90
                                                                                                                                                                                                                                          Function 04386BF1 Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: |7p
                                                                                                                                                                                                                                          • API String ID: 0-2673033477
                                                                                                                                                                                                                                          • Opcode ID: e96684d9e459c452687fe68ce9c25388f68bed25dc02dcac5c182fafd61fbd20
                                                                                                                                                                                                                                          • Instruction ID: 2a3161593e134906364a5ba866a00307222e0a53fde59f52bfc894f187d0b52d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e96684d9e459c452687fe68ce9c25388f68bed25dc02dcac5c182fafd61fbd20
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C518A74B002068FDB05DF68C995AAEBBF2EF84310B558469E405EB3A2DB30ED45CB91
                                                                                                                                                                                                                                          Function 04380C1C Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: c896ded6942f44671699cab550d41f6de124c0b52805dc9f15052ed8fd12bb34
                                                                                                                                                                                                                                          • Instruction ID: b4e5f1421f686f116f5458b3393bccdbb48335cdeab886debb32e612086055a4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c896ded6942f44671699cab550d41f6de124c0b52805dc9f15052ed8fd12bb34
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9451D430B04345AFEB08AB78D4687AFBBB2EFC8314F14446DD906E7281CE346C568791
                                                                                                                                                                                                                                          Function 0438C4D8 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: fb9eea8b669a1b981f78658a312e982cd68072da9f0b3ec9a6909230cb55fdbe
                                                                                                                                                                                                                                          • Instruction ID: 0e1f6f72a9a8e2f3e92eff50396deecf8575674c7e952170d0aa46a2ae814508
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb9eea8b669a1b981f78658a312e982cd68072da9f0b3ec9a6909230cb55fdbe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0351D2313047418FD725DB29D498A1AFBE2EFC5300B08DAADD44A8B762DA34FC46CB90
                                                                                                                                                                                                                                          Function 0438E428 Relevance: 1.4, Strings: 1, Instructions: 133COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (Ajq
                                                                                                                                                                                                                                          • API String ID: 0-2374663613
                                                                                                                                                                                                                                          • Opcode ID: 6fda671f013b7aaa66e8b37bfd936fdee5f1385041631705dac303ed97fc02cc
                                                                                                                                                                                                                                          • Instruction ID: c51ee1948547831214ca8952cbdcb106df86dfa929910c3959faf1cc8b7cda10
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fda671f013b7aaa66e8b37bfd936fdee5f1385041631705dac303ed97fc02cc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F415D70B102159FDB15EF68D895AAEBBB2FF88604F104529E416EB390EF74AC01CF91
                                                                                                                                                                                                                                          Function 0438E438 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (Ajq
                                                                                                                                                                                                                                          • API String ID: 0-2374663613
                                                                                                                                                                                                                                          • Opcode ID: 848b62d13c5162fd9192426324e342daee2bbf3ed1f846dc34e77e88766a82da
                                                                                                                                                                                                                                          • Instruction ID: f53e17898d8f76d0b2ca7d9b5e0075de15fe9beee13ab4cf261142c1d591a7f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 848b62d13c5162fd9192426324e342daee2bbf3ed1f846dc34e77e88766a82da
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56414C70B102159FDB15EF79D855AAEBBB2FF88604F104429E406EB390EF74AC01CB91
                                                                                                                                                                                                                                          Function 04384E90 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 4'eq
                                                                                                                                                                                                                                          • API String ID: 0-1552367303
                                                                                                                                                                                                                                          • Opcode ID: 0c2a0f49cbc019e38e6ee5ea988fa7a292a2cb997980812cdd5ebe4ce8ca5062
                                                                                                                                                                                                                                          • Instruction ID: 8892f2be1eddd34470bb3cbac599fa3732c7694d2aadde63b9ec3a7e646d869c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c2a0f49cbc019e38e6ee5ea988fa7a292a2cb997980812cdd5ebe4ce8ca5062
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 004106B5604345CFCB02EF68D88069ABBB6FF95308B15959EE4548F253E731F906CB90
                                                                                                                                                                                                                                          Function 0438E7C7 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: L<p
                                                                                                                                                                                                                                          • API String ID: 0-3975772089
                                                                                                                                                                                                                                          • Opcode ID: 014d7670550cfda923a5074e4a574f929cc22390be1aeb0c454948155a8b6b6b
                                                                                                                                                                                                                                          • Instruction ID: a63dd6beccb2595422851e1d75f7825306db158f803fc965f041b88fcbc95686
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 014d7670550cfda923a5074e4a574f929cc22390be1aeb0c454948155a8b6b6b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC418531B002058BCB05AF79D5956AEBBF6FFCCA10B24952DD416E7390DF78AC058BA1
                                                                                                                                                                                                                                          Function 0438F12E Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ,iq
                                                                                                                                                                                                                                          • API String ID: 0-1887606315
                                                                                                                                                                                                                                          • Opcode ID: ced5126a1710a85342c8152137a2e6c3eefad11a2d96a11fff0bb1a6c4801fca
                                                                                                                                                                                                                                          • Instruction ID: e4f63fd1dbabf42c3909055c7bdcb154b0c9a0f6a441d6cd32136ccfcf73bc2e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ced5126a1710a85342c8152137a2e6c3eefad11a2d96a11fff0bb1a6c4801fca
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C54139787106058FCB18EF68D984A6EB7B2FFC8315B21856DD51A9B365DB30EC02CB61
                                                                                                                                                                                                                                          Function 04384E48 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 4'eq
                                                                                                                                                                                                                                          • API String ID: 0-1552367303
                                                                                                                                                                                                                                          • Opcode ID: 9da73ff8e1cb31bfbd8384fb7d8cc6571e2526abff90818fdb223366a4b062f0
                                                                                                                                                                                                                                          • Instruction ID: ab45c69f1aaa101ae593c01b1a2df42f43901fe91cded7fe4b004b0aab6d76e8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9da73ff8e1cb31bfbd8384fb7d8cc6571e2526abff90818fdb223366a4b062f0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08315E7570060A9FCB15EF68D880A9EBBA6FF94308B10995DE4149F256EB30E906CBD1
                                                                                                                                                                                                                                          Function 043845C8 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: d7172df8bab2a444eaa3793f37c9b079bb6390afdec0d3f64295cefb43903c8f
                                                                                                                                                                                                                                          • Instruction ID: 114a37ae8a54c37249bd42ecc60985794e5891afe20c1be6d70dda45369fdda5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7172df8bab2a444eaa3793f37c9b079bb6390afdec0d3f64295cefb43903c8f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50212379B002059FEB00EB2DE44496DBBEBEFD931470584AAE509CB351EE30EC428B81
                                                                                                                                                                                                                                          Function 04383719 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LReq
                                                                                                                                                                                                                                          • API String ID: 0-2687900687
                                                                                                                                                                                                                                          • Opcode ID: 7f30fe7ffdb67ae03a77c3627710393f1550f3bf9c2e833c10a070fa4f4880f1
                                                                                                                                                                                                                                          • Instruction ID: b76179de5c977851d46c89678caecbd5d5a6b47b07d7ce59555effebcd242e44
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f30fe7ffdb67ae03a77c3627710393f1550f3bf9c2e833c10a070fa4f4880f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A521A1B1B043155FDB08EE78D8947BFB7AAEF84A04F14946DE806C7395EB36E9058740
                                                                                                                                                                                                                                          Function 04385F38 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LReq
                                                                                                                                                                                                                                          • API String ID: 0-2687900687
                                                                                                                                                                                                                                          • Opcode ID: 46cd04cbbabe1b3d9a30bb82505405278e140dcc761e09c8acca1494eab5810f
                                                                                                                                                                                                                                          • Instruction ID: 515a78b05217bd80a1503e6bc52137ea3d0c9597f3f9aa71a262c7f232531b52
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46cd04cbbabe1b3d9a30bb82505405278e140dcc761e09c8acca1494eab5810f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41217F74B006049FD7089F69D459AAEBBF6EF8C714F10801DE806AB390DF75AC118F95
                                                                                                                                                                                                                                          Function 0438AF10 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: \;eq
                                                                                                                                                                                                                                          • API String ID: 0-3072965439
                                                                                                                                                                                                                                          • Opcode ID: 7694b38f4cfbff04283668bc1dab9e0ce6b0c3e91f5bd516bba2d8dadc688a59
                                                                                                                                                                                                                                          • Instruction ID: 2ef0a87ee59d9461dd016da3e674ca1e34e50e199367ee45c3b0ff0bad9d6b5a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7694b38f4cfbff04283668bc1dab9e0ce6b0c3e91f5bd516bba2d8dadc688a59
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B61151723042014FAB14AAAEB89496BF7EAEFC8665724903FF50EC7756EE61FC014750
                                                                                                                                                                                                                                          Function 04385F48 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: LReq
                                                                                                                                                                                                                                          • API String ID: 0-2687900687
                                                                                                                                                                                                                                          • Opcode ID: 429377405f508ce57e36c494936a6c354f70ffe22e0516f62edbb49e7048c7af
                                                                                                                                                                                                                                          • Instruction ID: 7a750ef5995f5d681eb1aa2040ebd38b05ea75542c3fca20df6fae135f6b8f95
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 429377405f508ce57e36c494936a6c354f70ffe22e0516f62edbb49e7048c7af
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B216F74B04204DFDB089B69D455AAEBBF6EF8C710F10805DE406AB3A0DFB1AC008F95
                                                                                                                                                                                                                                          Function 04383370 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: fjq
                                                                                                                                                                                                                                          • API String ID: 0-1966867767
                                                                                                                                                                                                                                          • Opcode ID: cbf2b0dda2f32bdf849e5dd28ad3b816ba9906029b06d6ed09afe10942d95c71
                                                                                                                                                                                                                                          • Instruction ID: f50a5808d22ac720a237103f6a82780a2f419fdd7ea099eb896cb6c69a04225e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbf2b0dda2f32bdf849e5dd28ad3b816ba9906029b06d6ed09afe10942d95c71
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F311A775F041156BCB09AFB9A8445BF7FB6EBC8700B10802AF905D7340EE749D128791
                                                                                                                                                                                                                                          Function 04383380 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: fjq
                                                                                                                                                                                                                                          • API String ID: 0-1966867767
                                                                                                                                                                                                                                          • Opcode ID: 53df6374377a2c8850d83ddd8f2d505ec8cec0a9951bba62a53155f7b05ee24e
                                                                                                                                                                                                                                          • Instruction ID: df7e030652d50d78beca6cb296c03481b3a980c890deeb31e5ba8e9e089f9c5a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53df6374377a2c8850d83ddd8f2d505ec8cec0a9951bba62a53155f7b05ee24e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78118E75F041156FCB09AFB9A8449BFBAAAFBC8700B008029F905D7344EE759D228B90
                                                                                                                                                                                                                                          Function 0438E3EB Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: C8
                                                                                                                                                                                                                                          • API String ID: 0-816706217
                                                                                                                                                                                                                                          • Opcode ID: 4477d4a28b01d6511ea16c9a3564b3d15d805faa1c7acadf65f5208034af9ffd
                                                                                                                                                                                                                                          • Instruction ID: d719818c264bd995f4ad2f2d2ccde8701077276ccffdfd22d0469fa1d6761cee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4477d4a28b01d6511ea16c9a3564b3d15d805faa1c7acadf65f5208034af9ffd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE01D13AB102114BEB06AA6898523AEB763EBC4710F50955AE605AB340DFB0BC068BC0
                                                                                                                                                                                                                                          Function 0438E36A Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: C8
                                                                                                                                                                                                                                          • API String ID: 0-816706217
                                                                                                                                                                                                                                          • Opcode ID: 0129db82beef81733ea33308797550ad2ef86491633025aed6bae8920ae90003
                                                                                                                                                                                                                                          • Instruction ID: 35ad46dafcfc3bba357e4056b9f039f37fbe0403cd5fa4e4a409ac202202f755
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0129db82beef81733ea33308797550ad2ef86491633025aed6bae8920ae90003
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFF0C83EB502114FEB06A65C9C513AD7763FBC4660F95955AE605AB340DFB0FC0687D0
                                                                                                                                                                                                                                          Function 0438EA75 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: T;p
                                                                                                                                                                                                                                          • API String ID: 0-2975607647
                                                                                                                                                                                                                                          • Opcode ID: 1bfc9df175bb8558ffbaa651497c420347de19e64d84c61fee38b8ad64f21429
                                                                                                                                                                                                                                          • Instruction ID: 911d338c3b03811700acebbccf4a3015ff8212d06071cecbb65d51b4aa0b03d0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1bfc9df175bb8558ffbaa651497c420347de19e64d84c61fee38b8ad64f21429
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33F0E9757442500FC709166D64D149EABBBFBCA93032901AAD009CB752CD698C074362
                                                                                                                                                                                                                                          Function 043899A8 Relevance: .3, Instructions: 297COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6ece1a434f2e10290d4fb3d8d69a4a9b22636b67d8c4a64c9dcab5d255dc2cb1
                                                                                                                                                                                                                                          • Instruction ID: 8d9a4f6d9d822705a32072c35bae9b33f11b56331fd4e2bf8ce6dcceb2aa780c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ece1a434f2e10290d4fb3d8d69a4a9b22636b67d8c4a64c9dcab5d255dc2cb1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4D13B74A003598FDB05DFA8C984BADBBF2FF89304F148199E809AB265D774ED85CB50
                                                                                                                                                                                                                                          Function 0438B418 Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 21d6723ec5a39fd540e3eaa56e35415db69d02b6ba53943b8cde07caa0500cd2
                                                                                                                                                                                                                                          • Instruction ID: f49c336f7f7677ee09cd489429b35bca8c8e41563c36476f3bdcdc9ead32b65f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21d6723ec5a39fd540e3eaa56e35415db69d02b6ba53943b8cde07caa0500cd2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 335191B290A7D28FE703DB389DE62D57F70EF4320470941D7D5808B1A3EA24995BC791
                                                                                                                                                                                                                                          Function 0438ABA0 Relevance: .2, Instructions: 186COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 40319aa415cddd62619f5df78fb80d3b9833f9ee4e4f535bbd0b4ba247856b62
                                                                                                                                                                                                                                          • Instruction ID: 96e59e8122dfd476fe58eba5918dc1f86d31f685fe62fd4007ce19b11cbd4ad8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40319aa415cddd62619f5df78fb80d3b9833f9ee4e4f535bbd0b4ba247856b62
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 965119347046018FDB19BF2AC59892AB7F6AFC961172994AEE006CB3B1DF70EC45DB40
                                                                                                                                                                                                                                          Function 0438B4F7 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d178fc1d80a98d698427f426cf7d4b59797cecd88fa6251fdcdbf95440949cc9
                                                                                                                                                                                                                                          • Instruction ID: 37ef447468ba97c014720e1edbb12a1bf7ea0a1e44c355786d8192b9fcd561ff
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d178fc1d80a98d698427f426cf7d4b59797cecd88fa6251fdcdbf95440949cc9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB41D3B19097928FE707DB389DA56D57F71EF42304B0980D7E4808B1A3EA349907C791
                                                                                                                                                                                                                                          Function 04385482 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c60601c3a038e430afd36538be4a89914de6af039b4da1576f2e966ce1df8c99
                                                                                                                                                                                                                                          • Instruction ID: d1171406ebca9c5d9bf3bf8c131df8b495290dde3adae0463b46100972650510
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c60601c3a038e430afd36538be4a89914de6af039b4da1576f2e966ce1df8c99
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2514A78E10209ABEB05EBA4E8956AEBB72FF88300F508429E50577394CF396D51CF61
                                                                                                                                                                                                                                          Function 043834A8 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a44cd3a88bca8b772909ef86ef54e0db07df9f9d58ceab718dc682311aefc37c
                                                                                                                                                                                                                                          • Instruction ID: 26d5a2665df66475b081fa3d1ae444e48ac0190ce3ded5a532f77d1263cb4057
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a44cd3a88bca8b772909ef86ef54e0db07df9f9d58ceab718dc682311aefc37c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F51B3747006065BCB06EB3CE99056DBBA7EFC4200B40CA69E4059B395EFB4BD5A8BD0
                                                                                                                                                                                                                                          Function 043834B8 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6d6549dacd1b68f3144e9c61bd676a999a39660fa5c7426fdfb84033208deab6
                                                                                                                                                                                                                                          • Instruction ID: 778cce66d55cfdb0950f0b6c08cfc12e26e984da5c9273a9a0154ca15572ff42
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d6549dacd1b68f3144e9c61bd676a999a39660fa5c7426fdfb84033208deab6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A451B2747006065BCB06EB7CE99056DBBA7EFC4300740CA69E4059B395EFB4BD5A8BD0
                                                                                                                                                                                                                                          Function 04385490 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cd8600fb81e3fe661cf835260efd0a34c80ba756744e2d4654aea29c3954b68f
                                                                                                                                                                                                                                          • Instruction ID: 8905fee70daee849cdadb80cb09a42f88970796af998df37a4a4080deb0f4108
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd8600fb81e3fe661cf835260efd0a34c80ba756744e2d4654aea29c3954b68f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5512978E10209AFEB05EBA4E8956AEBB72FF88300F508429E50577394CF396D51CF65
                                                                                                                                                                                                                                          Function 04386702 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 61f51c9a0c708fac782e7b5893528316b99a1acaeeeaec4747d79d161b31ba5b
                                                                                                                                                                                                                                          • Instruction ID: 7a7172e2aa82ce462f62b0977be99b34169343649936c7ef9b62a4fe4b5f5471
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61f51c9a0c708fac782e7b5893528316b99a1acaeeeaec4747d79d161b31ba5b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA410274E00204EFDB00EF78D58569DBBB6EF85314F5085AAE015AB256EB34ED95CB80
                                                                                                                                                                                                                                          Function 0438F681 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 49963b7b7d75c0a930ae64f65b9b6178aac3aa00b7c1d6e8bb79eda1bb3ca27d
                                                                                                                                                                                                                                          • Instruction ID: c26a9a463249fde9aafdb1113bfaf934914a177b74a5e886c1ae720167771b51
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49963b7b7d75c0a930ae64f65b9b6178aac3aa00b7c1d6e8bb79eda1bb3ca27d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD41E270B042558FDB15DF78D8849AEBFF6EF89300B1445AEE046CB262DA38ED46CB51
                                                                                                                                                                                                                                          Function 0438E1E0 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2c2fd0b80de7c4c6db51feebb48c30900cf98681dfc07caeca8b5157e3b87a6d
                                                                                                                                                                                                                                          • Instruction ID: 750edf0dda64a99b1ec7b731f682d2d95240081d1e908419fb17854d46e22978
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c2fd0b80de7c4c6db51feebb48c30900cf98681dfc07caeca8b5157e3b87a6d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B414675E002498FCB04DFA8C58099EFBB2FF89310F259169E805AB365DB70ED46CB80
                                                                                                                                                                                                                                          Function 04382268 Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d0454aeac045e3c1940ebfd751dd564c69286352d6c67f0cb5ccd33546e71dac
                                                                                                                                                                                                                                          • Instruction ID: 8aebe49c726ded33ec658cd19c1b8c05b5dba8f11aa6895d3fe46596659fa195
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0454aeac045e3c1940ebfd751dd564c69286352d6c67f0cb5ccd33546e71dac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15411A75B002189FCB54DF78D98099EBBB2FF88314B10816AE905EB364DB31ED51CB90
                                                                                                                                                                                                                                          Function 0438F6A8 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f335b16c3c4f1634e3204be947a662b6158a7f54249cba8ff92509db687b408c
                                                                                                                                                                                                                                          • Instruction ID: bdd475237380498c4aaeaef0de7263b58f727e4240567ebabb1370a3b274d223
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f335b16c3c4f1634e3204be947a662b6158a7f54249cba8ff92509db687b408c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6641BD70B002558FDB15DB68D888A6EBBFAEF89300B04456DE146CB362DB74EC45CB90
                                                                                                                                                                                                                                          Function 0438B080 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 22018468106efd1d5aeac0938e944ac199ecf8eb73be1b81bf2a6b6410176510
                                                                                                                                                                                                                                          • Instruction ID: 3d1df570d0b2d8b702c936766b5e054a7f713f6c27a5c011a84b6d67a89d5777
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22018468106efd1d5aeac0938e944ac199ecf8eb73be1b81bf2a6b6410176510
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E319E75B002068FEB10DF69E880AAEF7AAEF84314B14D17AE519CB355DB71FC518B90
                                                                                                                                                                                                                                          Function 0438A198 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 37233e9ffe752b5ba75e38abd98da08a681b4f8e1dcf616137eae67af25a719c
                                                                                                                                                                                                                                          • Instruction ID: 15cb6be978e17add78f0647f08dfd15c0adda95b55e5f14a8549f1c65df879b4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37233e9ffe752b5ba75e38abd98da08a681b4f8e1dcf616137eae67af25a719c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F631A030B042059FDB15EF68C494ADEBBF1EF88720F14519AD815AB392CB75ED46CB90
                                                                                                                                                                                                                                          Function 0438C558 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2504ec2773c9ba85122223a6577cb0bff7ce3002719a71b9c1c7c48ea1039819
                                                                                                                                                                                                                                          • Instruction ID: 1317c2e60c5501150cdcf807a709010ba33bd06b6385dab9bc5a1d016b29c3d5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2504ec2773c9ba85122223a6577cb0bff7ce3002719a71b9c1c7c48ea1039819
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 733191752007018FD725DF25D598926FBF2EF89310B189A6CD44A8B762DA34FC46CF90
                                                                                                                                                                                                                                          Function 0293D6A4 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2110675347.000000000293D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0293D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_293d000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 053c2a0e6669d72b1abf10cb2c19df33ab2ec9a8499c97fad08da8be1c90c685
                                                                                                                                                                                                                                          • Instruction ID: 44801c43c3c3e6f00b64e18eabf39bde86df95c0ff61d4316c9c295207144ef2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 053c2a0e6669d72b1abf10cb2c19df33ab2ec9a8499c97fad08da8be1c90c685
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 332137B5504240DFDB16DF14D9D0F2ABFA5FB88324F24C969E90A0B246C336D816CBB1
                                                                                                                                                                                                                                          Function 0438B598 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4a318691719b27663d0c0cb1ec64db872120a450e23d7620a92c44422fac2a7a
                                                                                                                                                                                                                                          • Instruction ID: b6dd12845fc02d17daca379a12db9475afaa70757d42c7f0ffd32de8244e77a7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a318691719b27663d0c0cb1ec64db872120a450e23d7620a92c44422fac2a7a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA21CF34B00209CFEB19EF78D8456AABBB6EB88305F109079F80587241DF70E952CB90
                                                                                                                                                                                                                                          Function 0438B930 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f90ae92e595fc39d3ecb2ac6c22b9d8ba4a1bde90ec2c0eae52663f30aa2be09
                                                                                                                                                                                                                                          • Instruction ID: 50f341099f7e752111d59644f14a76906659ec6fad9bc5f7bca288212e6eb552
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f90ae92e595fc39d3ecb2ac6c22b9d8ba4a1bde90ec2c0eae52663f30aa2be09
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B71121767043124FAB14DA6DD490A3AF7DAEFC8260714A03EA94AC7746EE71FC018790
                                                                                                                                                                                                                                          Function 0438310C Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 52e4b3cf1a475792fd96863d6e0445a28768f8178b68940efccd6590fbb4b8f1
                                                                                                                                                                                                                                          • Instruction ID: d54f232a3f6dc6c6953202a45734a6a97f2fd0711ae7f3e8b5ce782eaebeb6b2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52e4b3cf1a475792fd96863d6e0445a28768f8178b68940efccd6590fbb4b8f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E119B62A5D3912FEB01327474643EEBF44CF42710F02A4DEDE449B293E919988A8381
                                                                                                                                                                                                                                          Function 04383A29 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1db0780a85c8f3972a1191a48be5badc6d2cf893de32bdd7e897d1922096abba
                                                                                                                                                                                                                                          • Instruction ID: 0e47eba39569c990583d70734998db07c5a84ceefb7e233426fb419d3ee21c04
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1db0780a85c8f3972a1191a48be5badc6d2cf893de32bdd7e897d1922096abba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F215474F00204AFDB04EF68D494A9FBBB2EF8C315F155019E809A7340DE79AC96CB90
                                                                                                                                                                                                                                          Function 043830FC Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c9582bb891210fabbdaa72a8c3cb0df674a47cf9a9dc894fd72abb6e1e78afcd
                                                                                                                                                                                                                                          • Instruction ID: 352a4cf39ce26283ddfaf6e1ab4ce758bde0487c4ac5ee00c2031ff8bfed1015
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9582bb891210fabbdaa72a8c3cb0df674a47cf9a9dc894fd72abb6e1e78afcd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D112B20B183582BFB28367954643AFAF8A8F82F14F0154AECD45DB783DD95EC4143D6
                                                                                                                                                                                                                                          Function 04382258 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2e2383a1cd1da4744b339a6970924e1e9c6ff12c6e2111a015e5a36d90b706c2
                                                                                                                                                                                                                                          • Instruction ID: 3d2a32c7a5453bab81819f7e3ef1c313f04273a3e39278ac1aec76f0f4cd4509
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e2383a1cd1da4744b339a6970924e1e9c6ff12c6e2111a015e5a36d90b706c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9321EA75A102199FCB44DF78D8809DEBBB2FF4C714B10816AE905EB364EB319952CB50
                                                                                                                                                                                                                                          Function 04383A38 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 791a0b68ad5af06de1211191e31b37eab858cc093e40dc0b9af6fc31155b6fe9
                                                                                                                                                                                                                                          • Instruction ID: c541c580d10ed337bce0381916222839b9fd02ad81a9509971be3eb1a50b3797
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 791a0b68ad5af06de1211191e31b37eab858cc093e40dc0b9af6fc31155b6fe9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57110374B00205AFDB04EF59D454A9BBBB6EF8C315F145019E809A7390DF79AC55CB90
                                                                                                                                                                                                                                          Function 04381378 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c5dee91f66072a6b6d3a22e2e4559acfd0255aae983f7eb7a8cc7ef54a1e4d8b
                                                                                                                                                                                                                                          • Instruction ID: 5a0645bca12d1ec5fa92441c5c21b75aa4124b1946b8174b09f1181b05f859d0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5dee91f66072a6b6d3a22e2e4559acfd0255aae983f7eb7a8cc7ef54a1e4d8b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B62104759042098FDB10DFAAC8846DEFBB4FF48324F10842AD55967240C7756946CFA1
                                                                                                                                                                                                                                          Function 0293D69F Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2110675347.000000000293D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0293D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_293d000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 71348e1cf9f81afd844df1a17d1983415161240bd78486831a29afc2cc4373c2
                                                                                                                                                                                                                                          • Instruction ID: 76680fdc8f6329e93d27c9a315cc75441f31c8ce5748728581307e6f9124bd8f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 71348e1cf9f81afd844df1a17d1983415161240bd78486831a29afc2cc4373c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D11E2B6504280CFCB16CF10D9C4B1ABF72FB84324F24C6A9D9094B656C33AD45ACBA2
                                                                                                                                                                                                                                          Function 04381958 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c72be5d7c41eb7dabc646f226a17cb7c009bc1651e665ae8f3eff344e7dec7f6
                                                                                                                                                                                                                                          • Instruction ID: eed9ec978eb2bc2c852ee8a88529e223cb97bfe69afb17b69647fe5b60ae5b48
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c72be5d7c41eb7dabc646f226a17cb7c009bc1651e665ae8f3eff344e7dec7f6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1111235B00215BFDB04DFACE4595AABBB6EF8C311F154019E909A7240DF796CA6CB90
                                                                                                                                                                                                                                          Function 0438AAE0 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 75ab57a710c92af70cc7385971a2fd2af866662b8c1c7fef18c742c0e99e97a2
                                                                                                                                                                                                                                          • Instruction ID: c7f34cdc5ebdf877db447756ca17868c0b04917e5fee4965f199cd69e6a0fc4f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75ab57a710c92af70cc7385971a2fd2af866662b8c1c7fef18c742c0e99e97a2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F21C6B8E01209DFDB04EFA8D490AAEBBF6FF89314F505499D405AB354DB70AA44CF91
                                                                                                                                                                                                                                          Function 04381380 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e55a6dd488181c6f2345636b6d7ee28c19bb1d72c325a69af05e95695e1c11d7
                                                                                                                                                                                                                                          • Instruction ID: 649474b1317f3ff08425bf7aae9e1492052e8fe13d4530a0129f26548b0c5d7f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e55a6dd488181c6f2345636b6d7ee28c19bb1d72c325a69af05e95695e1c11d7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F11F4B5D042498FDB10DFAAC884AAEFBF4FF48324F10842ED51967240CB756945CFA1
                                                                                                                                                                                                                                          Function 0438576F Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ed16c47cfa592a950241edce60750ea9174298e240c7ac8adf51b29455c55f31
                                                                                                                                                                                                                                          • Instruction ID: cff6a05e8d835f7d7a2581a37372b8e62b65043ef40964b26ca8362fbe7fdb82
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed16c47cfa592a950241edce60750ea9174298e240c7ac8adf51b29455c55f31
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF01D4763007009FE715EA6DF88099577EAEFC4324344986DE045CB612EB64FC47C794
                                                                                                                                                                                                                                          Function 04381968 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 45623a0182992371d78ea1e5b6487bff1b2308d0dc12c485fc1003d8f801c4e4
                                                                                                                                                                                                                                          • Instruction ID: 2427bab53a37dec4d54a4d8abc6681a358c363b50d679306618bac0fb30177a5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45623a0182992371d78ea1e5b6487bff1b2308d0dc12c485fc1003d8f801c4e4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A111235B00214BFDB04DF68E458AABBBB6EF8C311F144019E90AA7340CF796C95CB90
                                                                                                                                                                                                                                          Function 04381440 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8fac964093bf679910d9ee0e81195765ed908b78508062e7d59a1b9639dec39f
                                                                                                                                                                                                                                          • Instruction ID: 87ac504f807635326b01b7e9331dcd921f2ec8c4cfa50734b8fd0e761add4793
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8fac964093bf679910d9ee0e81195765ed908b78508062e7d59a1b9639dec39f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9014C70F093451FCF095F7C757A1177FB5DEC6200365089EDA46CF192E91458568390
                                                                                                                                                                                                                                          Function 043856C2 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fdba72e1f3e5a0bea4019b2522a908e3b76e51417e7a0e1a1cc66ef0b55ed0d2
                                                                                                                                                                                                                                          • Instruction ID: 55c5ed17017bb18e961e264898874a8fd64b9f161da3819bac1b884544e547cc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdba72e1f3e5a0bea4019b2522a908e3b76e51417e7a0e1a1cc66ef0b55ed0d2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 780147B12003007BE7059BB8988456D7BD6EFC1314B41853DE10A8B281CF78AC578FE4
                                                                                                                                                                                                                                          Function 0293D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2110675347.000000000293D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0293D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_293d000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 97a702838bfe08875fb90d8bff8e05fbcd406363b8ad712feaed50b83b03d0b9
                                                                                                                                                                                                                                          • Instruction ID: 969399dcaad906785541d9e974ff7e1620722e479be120292fd594197f2f9754
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97a702838bfe08875fb90d8bff8e05fbcd406363b8ad712feaed50b83b03d0b9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA012671409340AAE7228A29CDC4B67FF9CDF41B34F18C91AEC480B286C3799941CAB1
                                                                                                                                                                                                                                          Function 0293D006 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.2110675347.000000000293D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0293D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_293d000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0d75d25ff5a43ecc8e62aa753ffca63efe25992fe3ee48e819be9fdb245fd3c3
                                                                                                                                                                                                                                          • Instruction ID: d544368f13893b106548b9af7fe5f49d57e46aef8ffb2a6e1dff4aa84ab59ff9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d75d25ff5a43ecc8e62aa753ffca63efe25992fe3ee48e819be9fdb245fd3c3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5201406100E3C05FD7138B258D94756BFB8DF53624F1981DBD8888F1A7C2695849C772
                                                                                                                                                                                                                                          Function 0438B070 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dd56f80354e639a8d65b3ffacde315341f68a7a62d869919148267e44a3126f7
                                                                                                                                                                                                                                          • Instruction ID: 8d2d4ebd207c6b7080ad353822090db8f4c902557262344e438cd5f6e783c696
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd56f80354e639a8d65b3ffacde315341f68a7a62d869919148267e44a3126f7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEF028B5B002039BDB14DA69D880A5EFBAAEFC8250B15D139E51CC7304EF75F846C791
                                                                                                                                                                                                                                          Function 0438B920 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b730c962ab8d4be28c5631529d9b2138b5767a4cc1747ca42de0b974e8667b22
                                                                                                                                                                                                                                          • Instruction ID: 8fd4a854bf2262570ae4f6a01af03ddb3425d740dfc71b8ce65d55f31907fcf6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b730c962ab8d4be28c5631529d9b2138b5767a4cc1747ca42de0b974e8667b22
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B01ADB27002015FE714DA1CD890B2AFBD9EF88360B059439A909C7352EA31FC018750
                                                                                                                                                                                                                                          Function 0438CB90 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3a4245b6ac47c64d2809928c885e29bb9dd399924f45ce4e6c8f7d451fcdca43
                                                                                                                                                                                                                                          • Instruction ID: 9c0ca4343f17935ae3e2c35d9065644779248e169dea7da4c25a884536acb213
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a4245b6ac47c64d2809928c885e29bb9dd399924f45ce4e6c8f7d451fcdca43
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15F0F0327096141FA7059A6DBC88A2FF7EAFBC4A69720013EE109C3360DB21DC0187A4
                                                                                                                                                                                                                                          Function 0438182A Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2f97f4fc4e9ce91a4eb4a52f048b05755efccdae79a265364833788a5cb4a9fd
                                                                                                                                                                                                                                          • Instruction ID: 4465e743e78ec5ca700160c9c8f3bb6a3050c7600fec084206a218a7b65dddf2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f97f4fc4e9ce91a4eb4a52f048b05755efccdae79a265364833788a5cb4a9fd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95016231B1071A87EB18BA7895A63EFB7B79B88704F25446DD505B7390CF712C06C791
                                                                                                                                                                                                                                          Function 043867E2 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 610e54115e4c37bd6640a86cf4f2358dc23d1be13fb33750de0429478835cc75
                                                                                                                                                                                                                                          • Instruction ID: 222117b0e1fa556a2bb289a27a598f750f924dfa5f044be6db34b721fa59911c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 610e54115e4c37bd6640a86cf4f2358dc23d1be13fb33750de0429478835cc75
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD0184B0D00208EFDF44EFB8D58169CBBB6EF88204F1085A9D504EB251EE34AA158F84
                                                                                                                                                                                                                                          Function 0438CB7F Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a26fdf8890e3dd32b11e97ba09424fe1a82a2e4859e8ce9dc9bba4e1321a1dc3
                                                                                                                                                                                                                                          • Instruction ID: 69d585e2415174f1a5508b777f69e6d12baaca2d8ef0633f3041e2f363c0e43e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a26fdf8890e3dd32b11e97ba09424fe1a82a2e4859e8ce9dc9bba4e1321a1dc3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAF0BE767056101FE7089E1DA898B6FF7A9EBC8669B14007DE208C3360DA20CC028B90
                                                                                                                                                                                                                                          Function 043856D0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fe67d2e265a2f8971a3b3b593cf5975e93fcbf12cdb827e94b134e6021351aa9
                                                                                                                                                                                                                                          • Instruction ID: 64e377561271acee56fc903f15ac89c013bf4a7286945da965254b8e3512774a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe67d2e265a2f8971a3b3b593cf5975e93fcbf12cdb827e94b134e6021351aa9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68F0C2703007046BEB15E7B9D44456EBADAEFC0314780893DE10A9B281CFB9BC698FE4
                                                                                                                                                                                                                                          Function 0438AF00 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b7af5cf5d36ffd30905a2b8edc75f1855e40a67e7d154f3b34d484cac0c74406
                                                                                                                                                                                                                                          • Instruction ID: d30377dd27ebf38e47e276f7b28f3f62b099f614b9b30f6484da5d8bef3504af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7af5cf5d36ffd30905a2b8edc75f1855e40a67e7d154f3b34d484cac0c74406
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3F0A7F27002051BD7545A5E6CD459BB7E9EFD8264714903AF51DC7341FD60DC024690
                                                                                                                                                                                                                                          Function 043867F0 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a065f82e7b53f97f00de68d6ab48233b83787794eed11afb8b9b047039801f44
                                                                                                                                                                                                                                          • Instruction ID: b480a08215e47a904cc0211c19db411d69b8971056cd94b0930ff1e162233ea5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a065f82e7b53f97f00de68d6ab48233b83787794eed11afb8b9b047039801f44
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4016DB4E00209EFDF44FFB8D58199DBBB6EF88204B1085A9D404AB251EE346E548F80
                                                                                                                                                                                                                                          Function 04381431 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7b73ea3b1a921926ee9fd7c2462540a5c84adb6544b90c0fc463e9e1eb9ce413
                                                                                                                                                                                                                                          • Instruction ID: 0a8ad990dbb4a25801fcd21b65108d2c288c8d82f29f87e15eed33f5a0384a8a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b73ea3b1a921926ee9fd7c2462540a5c84adb6544b90c0fc463e9e1eb9ce413
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CF0F664F043462FCB095FB8217A2177FA6EEC62103A5086ED746CF1A2EA145852C380
                                                                                                                                                                                                                                          Function 043846A0 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 59e43a6bcd61da95686dea3220fcd3d768d0922d0ef3f439ddcfdd94be639eb5
                                                                                                                                                                                                                                          • Instruction ID: 9865c30c878f977dfb706dd952ee02461e6b1b9cb4bbab8b478d5244d950bbed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59e43a6bcd61da95686dea3220fcd3d768d0922d0ef3f439ddcfdd94be639eb5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1F034B4D0A348AFCB04DFA4E4844ACBFB4EF56300F1084EAE84997321EA345E42DB81
                                                                                                                                                                                                                                          Function 043868D1 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a96ce9c8e789c0cdc6c1f56e9a582c8351344871ef9da9fa954c41c2316b7ffb
                                                                                                                                                                                                                                          • Instruction ID: 369cf0b41e034140423fcf7c1c103f67ab82da98bf4fa9100dd237c24899196c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a96ce9c8e789c0cdc6c1f56e9a582c8351344871ef9da9fa954c41c2316b7ffb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FF0BE76604219AFD712CF59D844E89FFF9EF89310B0980AAE648CB252E730E901CB90
                                                                                                                                                                                                                                          Function 04384551 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b8b166edce5a13c9b6a1e6c980778aaffcb80d19648fb96e090af9185498c11d
                                                                                                                                                                                                                                          • Instruction ID: 987378cc0f7851f1aca621391dd636391dcc0bfe470ce04b59626bdfac39063e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8b166edce5a13c9b6a1e6c980778aaffcb80d19648fb96e090af9185498c11d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85F027717006011BE72AA668A49450EBB82EFD0221700887DE20DCB280EF74EC458789
                                                                                                                                                                                                                                          Function 0438C688 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c02d1036570fa506564b73361d3a7ed86d948d002a33ca4b2fa21ac21edef115
                                                                                                                                                                                                                                          • Instruction ID: 52fc59df0517dc84355155e4af7e3caf41c374fc14a9a058925a14eb9fa4febe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c02d1036570fa506564b73361d3a7ed86d948d002a33ca4b2fa21ac21edef115
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9F065757103124BD718EA79D8449A6F7DAAFC82A4318B5B9D908CB324EE71DC42D790
                                                                                                                                                                                                                                          Function 043857A8 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a3c39bc105a6c10be0bf07f2e9a12260deb76fa0375ceef5251f566e2d4b0927
                                                                                                                                                                                                                                          • Instruction ID: ff8449b2a5d006c66f229b51a7246e2c0060a42193ffb58db495eeb863c15c76
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3c39bc105a6c10be0bf07f2e9a12260deb76fa0375ceef5251f566e2d4b0927
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CF0E2B1300300AFDB15E72CD840A5A77DADFCA324B04486EE145CB211EA30FC41C794
                                                                                                                                                                                                                                          Function 0438C4C9 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dab576bbe15a60a1e96efdc7b6821c6ba126036241a86f0b2f661c2803de6315
                                                                                                                                                                                                                                          • Instruction ID: afc7a05330333160341b665c029bf104246bdc75f7cd6f9d01e4c5b9bb16ec78
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dab576bbe15a60a1e96efdc7b6821c6ba126036241a86f0b2f661c2803de6315
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCF0553230074167C723AA2688807AFB7A9CFC1790F04AA2FE98987144EA64F90187A0
                                                                                                                                                                                                                                          Function 043845B8 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 366c2f55e287f644359bf70b201d75e9406b48c6b95f0a2b9590e38436c2e327
                                                                                                                                                                                                                                          • Instruction ID: f19da5885c7f75fd4e9d045e2dfa17648285dee8bb2b6c3ddf5b6e19c69725e7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 366c2f55e287f644359bf70b201d75e9406b48c6b95f0a2b9590e38436c2e327
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6F082753002028FD711AB6DE544A6E7BD6DFC9305B04496DE149CB661EA30EC428B51
                                                                                                                                                                                                                                          Function 04386038 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8cbe5f6c4d53adb7ec29c2e7dbb9c5d1a94e168da1a501e0ad5e551283c2f6ef
                                                                                                                                                                                                                                          • Instruction ID: dd687377535b5ed52ce762279e744f12d940fdb79fbea0a0f861b1b17cd95c89
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8cbe5f6c4d53adb7ec29c2e7dbb9c5d1a94e168da1a501e0ad5e551283c2f6ef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09F0F672114BA09BC3359B58E40424ABBE4EF81709F004C2DD1C646A52D7F5B889C746
                                                                                                                                                                                                                                          Function 0438A369 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cec032a6061a6bb4e12d4101c19835412a822d8f5b2d6abd80db6b6b3131ea26
                                                                                                                                                                                                                                          • Instruction ID: 2891b8bda1e83b60996cddd604e412d66a490f5b4d42c96ecba831ffd64fcc33
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cec032a6061a6bb4e12d4101c19835412a822d8f5b2d6abd80db6b6b3131ea26
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63F02771B452555FDB289638C45821CBF52AF50224B3584AFCA494F241CF23DD43C7C2
                                                                                                                                                                                                                                          Function 04384560 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4bdefdaf2ae0d63479d6774f1d4d60a65d37fa48b32e8add87ca400d066f32d8
                                                                                                                                                                                                                                          • Instruction ID: 7db0ff7ca76ce219d3fa1e5d26580aec2d87bf784b1e033163e0db8d9b6fb914
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bdefdaf2ae0d63479d6774f1d4d60a65d37fa48b32e8add87ca400d066f32d8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65E02235300A011B9626B66DA84441FBA87FFC4260340887DE00D9B380EF74FC858BD8
                                                                                                                                                                                                                                          Function 043838B0 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7f08570f0d20a394ac9d17719d17a0a86f8296b77407488e7201de7f0d2df20a
                                                                                                                                                                                                                                          • Instruction ID: 292ddbe28dadadc2339ca95742ccff6df89c82d2ff06ea25f73b51462bb9d5a4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f08570f0d20a394ac9d17719d17a0a86f8296b77407488e7201de7f0d2df20a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FE09261B1835816FF24356655A03EE9F894F82F18F11107ECD95CAB86E9D6E88183D2
                                                                                                                                                                                                                                          Function 0438AB90 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f08025841abd506323ec61cdcd7aac567132d464279a5a9e8c181c9ba20168a2
                                                                                                                                                                                                                                          • Instruction ID: 98bdb64386310911684826be31c05a65da4c685692be2cae8b0da98e1e7c46c9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f08025841abd506323ec61cdcd7aac567132d464279a5a9e8c181c9ba20168a2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCE09B753042109BD7186B69B899519BBE9EFC9221B15417EE50AC73A1D935CC058750
                                                                                                                                                                                                                                          Function 043836A9 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cd10f2961dc99010b9f063d71fedc3191ec78ac668ed51025775c2a8cc8c6ce5
                                                                                                                                                                                                                                          • Instruction ID: 1fbda1ea86d2fd7ab89d018cda389b4a3be283c92ea0a845e36ffab4b9645988
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd10f2961dc99010b9f063d71fedc3191ec78ac668ed51025775c2a8cc8c6ce5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81E0EDB1F01216AF8B44EFAD95802EEFBF49B48550B24486ED91AE7301F232D6428BD1
                                                                                                                                                                                                                                          Function 04386880 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d7dcef1a95bda7793504f5e6f91395cbcf6a5fd8f8693ad195eed0a64469d76c
                                                                                                                                                                                                                                          • Instruction ID: d963933cc197082f992d5469fb5a37ec91ef2d9d11c20588c5fcdc2da58c0405
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7dcef1a95bda7793504f5e6f91395cbcf6a5fd8f8693ad195eed0a64469d76c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AF030F250D3D26FD72647389864649BFB1EF5B211F1B46E7D284CA153D53498C2C392
                                                                                                                                                                                                                                          Function 043846C8 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: df018f03e5bd74484e75a198e1dcddc1ff69e4c92e98dabbcd34a689831c6db3
                                                                                                                                                                                                                                          • Instruction ID: 1181c734e86c1818708be4d73ee76b3180e8d644b611399f35b8b6b89581db3b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df018f03e5bd74484e75a198e1dcddc1ff69e4c92e98dabbcd34a689831c6db3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DF015B5D0A248AFCB04EFA8D49159CBFF1EB45300F0184AAD858D7361EA385A498B41
                                                                                                                                                                                                                                          Function 043839E0 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 41851ceeef7566b163a1b308da8055410844648d5c5f06295babbb00e074e11d
                                                                                                                                                                                                                                          • Instruction ID: bde83efd728bb381deda2c92087ab171653d28a83b251ee85df14a9955855f1c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41851ceeef7566b163a1b308da8055410844648d5c5f06295babbb00e074e11d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40E04F3664021CBBDF057A99E804BEABF5AEF447B0F10D029FD5845260CA3A99A5E790
                                                                                                                                                                                                                                          Function 04386AAF Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bfde9b3c6e458add2770e26a4595b0621807f2f7d8a971cb1d716dab7702c923
                                                                                                                                                                                                                                          • Instruction ID: 6db05bceeffed9c178cf9b6a6c71c19032f52fa6d5a7d8580c2207ffbf81b92a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfde9b3c6e458add2770e26a4595b0621807f2f7d8a971cb1d716dab7702c923
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7E092B53042149FD300DF98E880E85BBE4EF58214B1590A9E548CF353D721ED17CB50
                                                                                                                                                                                                                                          Function 043836B8 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0cfa8bbc40a4569aa7e3c07af7d9aef3d38a138ce3fc30ebf22d8fba1c64544d
                                                                                                                                                                                                                                          • Instruction ID: 91f8d88ba97c91fb7e78c4566100be1a64b903e4133505e5a50fbe90bac23196
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cfa8bbc40a4569aa7e3c07af7d9aef3d38a138ce3fc30ebf22d8fba1c64544d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FE0E570F0121A9F8F40EFA999401AEFBF89F44540B10956DD919E7300F23296018BD1
                                                                                                                                                                                                                                          Function 0438C1D0 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f7c37208ba2143b0633d2350955cb9ddfff9afe0a018e5a35412e07561fcbfbe
                                                                                                                                                                                                                                          • Instruction ID: bbbc50c28589a9f01ea3ca3da4a170d274d69cc8e02733316e2e7a85e91aa44c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7c37208ba2143b0633d2350955cb9ddfff9afe0a018e5a35412e07561fcbfbe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ADE06F312002005BC7106768F2842AE3B9AEBC4328F400829EA8AC3340CEB8AC828B80
                                                                                                                                                                                                                                          Function 04383CC0 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ce5676dad99c252f4e8d103ccf36a54c4fdb761d47239365bf1c18bb9bd8f9d8
                                                                                                                                                                                                                                          • Instruction ID: 45793d946959a370780f1e4775fcdb9c4288a2f83bbd891e718389a4d5694894
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce5676dad99c252f4e8d103ccf36a54c4fdb761d47239365bf1c18bb9bd8f9d8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51E0723A7000600BAB0121AC3000B7E37ABCBC0B62718007FE20EC3390CE379C2203C2
                                                                                                                                                                                                                                          Function 0438C678 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c6d880de6df4cb25c468a66d27957e025a57d4b0b3e9fecae62548869908657e
                                                                                                                                                                                                                                          • Instruction ID: e61f93cf39f255595aa908eebca206bd29a8c9925d6b09fc6b3f38559e75dde2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6d880de6df4cb25c468a66d27957e025a57d4b0b3e9fecae62548869908657e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68E0727270030293D3185B308880295FBAAEF88290B1CB279CE048A206DE30C883C391
                                                                                                                                                                                                                                          Function 04383CFF Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3d89684b80150b3548b2d90cd83e29ea770650777b7149923c4bef3b239a5068
                                                                                                                                                                                                                                          • Instruction ID: 785bb7945854da44ce2642e3ea47d7f0740e2550279d35bdefddcbc953e41ad8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d89684b80150b3548b2d90cd83e29ea770650777b7149923c4bef3b239a5068
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FE0D8B0D05288AFCB01DF74EDA45CC7FB5EF02204B2184EED408DB2D2E9745E118741
                                                                                                                                                                                                                                          Function 0438C1E0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 582205da1a1bbeabba49066fec34b32606f1e7d6a156c130707d9a8985d0ecff
                                                                                                                                                                                                                                          • Instruction ID: 0dcc4a60eb4350eaeb9396cb1b7ebb89e5372abdd4bfd397273f42d8f5c84fec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 582205da1a1bbeabba49066fec34b32606f1e7d6a156c130707d9a8985d0ecff
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6E0C23520070487C6157769F64456E7BDAFBC9765F40142DE54A87700CEB5BC458BD4
                                                                                                                                                                                                                                          Function 04383CD0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3710cfea2afa2cb5beb6d23fa8c5548c56c2f88a498bc1c80864ba5a76f33b5c
                                                                                                                                                                                                                                          • Instruction ID: a18c9155656b0fe7ba27e39f523bbad446d9096ac03a850a7e3a98c152ec9863
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3710cfea2afa2cb5beb6d23fa8c5548c56c2f88a498bc1c80864ba5a76f33b5c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAD05E3A300220131B05319E745492EB6AECBC5F62314002EEA0AC3340CE77AC5113D5
                                                                                                                                                                                                                                          Function 04386AC0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7350b03495b6f888eb4c078535de03a8822d3d0f07c7ac0b1c9376d1e22406c3
                                                                                                                                                                                                                                          • Instruction ID: 760f591bf5c926d575b9b02f984dc262e7a1f658236fa2174f6db2e1d71c2fef
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7350b03495b6f888eb4c078535de03a8822d3d0f07c7ac0b1c9376d1e22406c3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAE0ECB5304204DFD314DF5CD880C95BBE9FF592543558099E948CB312D762FD16CB90
                                                                                                                                                                                                                                          Function 043846D8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4499f1cb57ffc589e0ba7e4a9ab81133fcc2eb82759e2931ffd128704a4dd7eb
                                                                                                                                                                                                                                          • Instruction ID: b9dac04b8c3d6f8655b8b29961a5b2579529de5921476a09e01a00d1cd4849be
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4499f1cb57ffc589e0ba7e4a9ab81133fcc2eb82759e2931ffd128704a4dd7eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77E0B674E0520CAFCB54EFE9D44459DBBF5EF48300F0085AAE809E7350EA346A548F81
                                                                                                                                                                                                                                          Function 043817F0 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9d27f1568250f4bb3966cccfee2c61e33274513604df9a37f6dcd66517cf9514
                                                                                                                                                                                                                                          • Instruction ID: c81771c5adb1010a98a9e0099e6b45a373f3706766f4083efdf960077f0057fe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d27f1568250f4bb3966cccfee2c61e33274513604df9a37f6dcd66517cf9514
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9AD05E767592C04FDB0AEB74B46A0EA7FB7FB56210308405BE8858A6A6CD2045B6C385
                                                                                                                                                                                                                                          Function 04380C0C Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3c60378d80b78c6bcd28df0fab7546959815266fedfe9ef92093188a770bcfac
                                                                                                                                                                                                                                          • Instruction ID: 2849cf96f27dc632e1232ec2975fb3f499eca2413903b4e0072cf53d96508b5c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c60378d80b78c6bcd28df0fab7546959815266fedfe9ef92093188a770bcfac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87D0A73232121C6B57047658DC468AABBADEB943603504427FD0187210DD707C7183D9
                                                                                                                                                                                                                                          Function 04383938 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c296731f664876f2563fd6a611a7ae94e32b38006b660e63722039dffeacfd10
                                                                                                                                                                                                                                          • Instruction ID: b6d9d89c22c7848a1ab2a17ecb735369a34a5a9250c71abb4415235cbabf45dd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c296731f664876f2563fd6a611a7ae94e32b38006b660e63722039dffeacfd10
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08D0A752F4E3603BC71932A4245425EAB58CF42520F1354EBDE08DB253E4688C404381
                                                                                                                                                                                                                                          Function 04383D10 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 44431b6aea41f62e6b745a8c9430ae6aaa9a7f7c02c8c148c4c162cb4692a357
                                                                                                                                                                                                                                          • Instruction ID: 663c93911411e48f631559108cbf6b449ca0145a7dc676ed4e916025c17b8af1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44431b6aea41f62e6b745a8c9430ae6aaa9a7f7c02c8c148c4c162cb4692a357
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4D05E70A1010CEFCB04DFB8EA5599DBBF9EB45204B2085E9E408E7280EE716F109B90
                                                                                                                                                                                                                                          Function 0438E32A Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8b957247f088fff74c17ee8d9719ee02cda9e6c00b0e4ad3a878b59094dde42f
                                                                                                                                                                                                                                          • Instruction ID: 125bcbb586a010534371e6796a84733cf17b996167273e1528fedcef6528a116
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b957247f088fff74c17ee8d9719ee02cda9e6c00b0e4ad3a878b59094dde42f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47E0123060470BDBDB54AFE0D655AAEB771BB14305F205419D401E6244DBB49906DF40
                                                                                                                                                                                                                                          Function 04383C89 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 081b6e4cd9a875395a37dc0aeef8458520a19a91008a516378c057fee919bfb8
                                                                                                                                                                                                                                          • Instruction ID: bc4e4347d3412be3057669c5f4e0ce61005c77679144a36abdc35c19bcbe3972
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 081b6e4cd9a875395a37dc0aeef8458520a19a91008a516378c057fee919bfb8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DD023B071574057DF4C1720A5553BC7B54C750600F010CADD70BC7741F52DE4704741
                                                                                                                                                                                                                                          Function 04382968 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 832eee81c90409bed6f5f59cd62e153ff93cdd328782361dad0013f1cf5a2a02
                                                                                                                                                                                                                                          • Instruction ID: dc8ffe3ccf81ce25dc8f42bae8dab88bb99068c9138c129b6af996d155dadf59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 832eee81c90409bed6f5f59cd62e153ff93cdd328782361dad0013f1cf5a2a02
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9ED05EB490520ADFCB04DFB8ED0599EBBF9EB45200B2086A5E804D3215EA345E109B80
                                                                                                                                                                                                                                          Function 04380440 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2da8c5a53ab19cd83d00d02976c6eacfb365ae7354862fe78b1f040ae533f44f
                                                                                                                                                                                                                                          • Instruction ID: b6dd0a84e1ba3757e221818d6e2634d0cb20699b56fbf2a17b0a88e000027384
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2da8c5a53ab19cd83d00d02976c6eacfb365ae7354862fe78b1f040ae533f44f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99D012B7669692AFE702461804A14F3BB30FF7271A7954585D0C051047E3227033C770
                                                                                                                                                                                                                                          Function 0438A3A8 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 683f9e33664613dee676b5b5f2d9dbc606dc05437aceb624a8537ae9ff6823c0
                                                                                                                                                                                                                                          • Instruction ID: 1e060c5c4a0127e34e4d6f0b414c29ae6d59837fecb28f3283b98ebbd45ae9a4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 683f9e33664613dee676b5b5f2d9dbc606dc05437aceb624a8537ae9ff6823c0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AD012357053199B8A056A55D910855F72AAF9566832890ADD94C0F715CA33EC43CBD0
                                                                                                                                                                                                                                          Function 04383C98 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cb919f6354960b000eb126a42002d818aad17467e174e602475083d437bf4b31
                                                                                                                                                                                                                                          • Instruction ID: 5746d381d24c726f13a0e3065f99e6a6b53446d5b845e84f17037a74ed8532f1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb919f6354960b000eb126a42002d818aad17467e174e602475083d437bf4b31
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3ED0C9307143048B8B48AB68E955565B7A9DB88A0831098ACA80AC7341EB3BF8228640
                                                                                                                                                                                                                                          Function 043846B0 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e93e989387ae9ebfb3bd9528832d08708db33f40a0758a05121db16dcee3dcbc
                                                                                                                                                                                                                                          • Instruction ID: 9c36901621b78b4dc7758e87f6a76a77276b82de15794381bc3e918e4af5488b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e93e989387ae9ebfb3bd9528832d08708db33f40a0758a05121db16dcee3dcbc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9B092B090630CAF8620DA99980186ABBACDB0A210B0001D9E90887320D972A91066D1
                                                                                                                                                                                                                                          Function 0438CAF0 Relevance: .0, Instructions: 3COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6164f63dd8b0f9734b98ae2fefa1ac4e4918afba03b48bdbac597c7f92b978d8
                                                                                                                                                                                                                                          • Instruction ID: 8910158ea0dd65b9e6755f7954de80e9a112b2719a1393cc6eda40a534a99d3d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6164f63dd8b0f9734b98ae2fefa1ac4e4918afba03b48bdbac597c7f92b978d8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash:

                                                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                                                          Function 0438F7E8 Relevance: 7.6, Strings: 6, Instructions: 147COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$,iq$,iq$Hiq$`]jq$`]jq
                                                                                                                                                                                                                                          • API String ID: 0-1949391042
                                                                                                                                                                                                                                          • Opcode ID: 4bf813735ae5dc9328d66305c868ad8f0360c9adcecfc28ef6d7774abb28572f
                                                                                                                                                                                                                                          • Instruction ID: 1ecd4bbb6d9e6c8d2fe4adbdec91679eac28f9a9f3dd087bf90eec025cc83d13
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bf813735ae5dc9328d66305c868ad8f0360c9adcecfc28ef6d7774abb28572f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E412435B146188FDB14AB7CA45446E77AAEFCA72132510AFD106DB391DE30EC428799
                                                                                                                                                                                                                                          Function 04388BD8 Relevance: 6.7, Strings: 5, Instructions: 498COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$.JsonTextReader+<MatchValueAsync>d__19$Json.JsonTextReader+<ParseNumberNaNAsync>d__26$WriteValueAsync>d__60$d
                                                                                                                                                                                                                                          • API String ID: 0-4209918045
                                                                                                                                                                                                                                          • Opcode ID: 5c7ea4a16df893b917428ce897d3550664da12302c6ddb63e166070bcff755a5
                                                                                                                                                                                                                                          • Instruction ID: 20c7c56a101cb4e30840a82ed6552c8bedc371c36e5b4a387eb0cb388415ac56
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c7ea4a16df893b917428ce897d3550664da12302c6ddb63e166070bcff755a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1121875A002098FDB14EFA8C480AADFBF2FF89314B559599E815AB365D730FD46CB80
                                                                                                                                                                                                                                          Function 0438C2D0 Relevance: 5.2, Strings: 4, Instructions: 178COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000003.2109889019.0000000004380000.00000040.00000800.00020000.00000000.sdmp, Offset: 04380000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_4380000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq$(iq$(iq$Xiq
                                                                                                                                                                                                                                          • API String ID: 0-3673428544
                                                                                                                                                                                                                                          • Opcode ID: 76445c50b4fbc3168f730a9b2c8d0becf785e26fd29113541640a389a9134884
                                                                                                                                                                                                                                          • Instruction ID: bbbec356f7c58db0ef8f2aa8dac73dc59438f4723348c51992a4a3662dd15cdb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76445c50b4fbc3168f730a9b2c8d0becf785e26fd29113541640a389a9134884
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3515D317087504FD31AEB38D49066EBBE6EFC534071948AED546CB7A2DE28EC46C791

                                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                                          Function 070050B8 Relevance: .3, Instructions: 283COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b62f1aea0341b255f90e12294bb829adda32dbc89018897db3659e2d53d12547
                                                                                                                                                                                                                                          • Instruction ID: 86a3d8d56d8acb61babf223df9f49733ecd84eedc3f23839c7ab72090f3c01d8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b62f1aea0341b255f90e12294bb829adda32dbc89018897db3659e2d53d12547
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FB12FB0E0020ACFEB54CFA9CD85BDDBBF1AF48324F148229D815A7294EB749855CF91
                                                                                                                                                                                                                                          Function 070059A8 Relevance: .3, Instructions: 268COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 146de50e2d213547fcb72a5cc354921e2d68a8c95342fffddd3f2430a6090435
                                                                                                                                                                                                                                          • Instruction ID: cafc1428d8c80ff7361ba331d17745793137cef0b70ad3582e8bc1be56e98cc5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 146de50e2d213547fcb72a5cc354921e2d68a8c95342fffddd3f2430a6090435
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4B130B0E0020A8FEB50CFA8CD85B9DBBF2FF49324F148629D415A7294EB749855CF91
                                                                                                                                                                                                                                          Function 07001630 Relevance: 2.7, Strings: 2, Instructions: 160COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $eq$$eq
                                                                                                                                                                                                                                          • API String ID: 0-2246304398
                                                                                                                                                                                                                                          • Opcode ID: e1506997b5101234f04b366991881311e9781fbef15cd3b626eed75bf9693c7f
                                                                                                                                                                                                                                          • Instruction ID: d3ab3c6f93f2b634f533890229b03a7f27af6ebfebdbff0e97e528745f53b825
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1506997b5101234f04b366991881311e9781fbef15cd3b626eed75bf9693c7f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0051B0B5B002098FDB15DF78D844AAE7BF6EF89360F14826AE408D73A5DA309D01C7D1
                                                                                                                                                                                                                                          Function 07001080 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: 296cb74f6de6d615df0ae6c7cc7ffd460794f5d4a5c0c96a1c765a05a5a92b0c
                                                                                                                                                                                                                                          • Instruction ID: ef31d276f1256de08581f330d8d887aa990366a84f0edb3b70c1352871dcd735
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 296cb74f6de6d615df0ae6c7cc7ffd460794f5d4a5c0c96a1c765a05a5a92b0c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8771E5B5B10209DFEB05ABB5C914BAE76E7EFC8320F148129E506DB3A4DE30DD528781
                                                                                                                                                                                                                                          Function 07000C1C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (iq
                                                                                                                                                                                                                                          • API String ID: 0-3943945277
                                                                                                                                                                                                                                          • Opcode ID: 9337a1c6484db1f563a8fc18805ae6a785b510acf4f9357266015a8878d0ebbb
                                                                                                                                                                                                                                          • Instruction ID: 485b9efb60618517b1ab809cd11e5b7f5b2c6530a0936c509e859ec22198db5c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9337a1c6484db1f563a8fc18805ae6a785b510acf4f9357266015a8878d0ebbb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08310470B092499FE715577888203BE3BF69F8A320F24859ED546AB2C2CE754D0587E3
                                                                                                                                                                                                                                          Function 070050AD Relevance: .3, Instructions: 311COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8eed1a6514477acb4a0f7650e062d4837050a6294987b005e9a96ecac5e66572
                                                                                                                                                                                                                                          • Instruction ID: 4bfeadf090187bfc0ed6c9a1ee605744a1ffeda4c2576f0f979130d33a5ebbd4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8eed1a6514477acb4a0f7650e062d4837050a6294987b005e9a96ecac5e66572
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EC12AB0E0020ADFEB50CFA8CD85BDDBBF1AF49324F248229D415A7294EB749855CF91
                                                                                                                                                                                                                                          Function 0700599C Relevance: .3, Instructions: 269COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 62758e405ff4e835dd49c4bbcce95a16c89b3bf595b7b4e8d507ba95f0436859
                                                                                                                                                                                                                                          • Instruction ID: 1a466cf56250a5cfd57832c75bd1feaaa668bf156fc7235da30c8b383379bb72
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62758e405ff4e835dd49c4bbcce95a16c89b3bf595b7b4e8d507ba95f0436859
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DB12CB0E0020A8FEB50CFA8CD85B9DBBF1FF49324F148629D815A7294EB749855CF91
                                                                                                                                                                                                                                          Function 07002268 Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4c8fcc2c23bc18cbc20fb5e2ffbbefe9740c03e5e3ba10ef3182cca85442e239
                                                                                                                                                                                                                                          • Instruction ID: 083dfdac43e0918f63ebd2c420c6bd1af55ac51f271b611bb58ed609a9bc51c1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c8fcc2c23bc18cbc20fb5e2ffbbefe9740c03e5e3ba10ef3182cca85442e239
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6411775B00108DFDB54DFA8D98499EBBF6FF89220B10816AE905EB360DB31DC41CB90
                                                                                                                                                                                                                                          Function 07001071 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 42c0ed5f41807830e749870b25a74cb9d297b288bdb5637882df04c88e04d0ae
                                                                                                                                                                                                                                          • Instruction ID: 19b1a4ecd04eaac7a3e30412fb98248c6147caa0323513d0d7b1f438204ed172
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42c0ed5f41807830e749870b25a74cb9d297b288bdb5637882df04c88e04d0ae
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF2130B1B002099BDB148BB599506FEBBEAEFC8360F04413AD906D7381DE749D1187E1
                                                                                                                                                                                                                                          Function 07002258 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 18840f2dcfa22dc98c01244bf63805769ea5a153beb6c20d4e58e47e042027ac
                                                                                                                                                                                                                                          • Instruction ID: 8596413bcd1e4a30585ef9247453a87d7629589a7b21798325d767f3375de433
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18840f2dcfa22dc98c01244bf63805769ea5a153beb6c20d4e58e47e042027ac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0421F975A101189FCB54DF69D8849DEBBF6FF8D720F10812AE815A7360DB319841CBA0
                                                                                                                                                                                                                                          Function 07002B18 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2e510936214a96a1874589ea9998b657faf78b746aed7cf171e50393d9fecc18
                                                                                                                                                                                                                                          • Instruction ID: 8bd744b453fe95965081347ad9572ade95c3e524e1a540ab48b4f2c5e5c8566d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e510936214a96a1874589ea9998b657faf78b746aed7cf171e50393d9fecc18
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6711A3B5B001198FDB95BBBC50241BE7AE7AFC8661B10057AC50ADB380EF34CE0287D6
                                                                                                                                                                                                                                          Function 07001378 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4e0b3fcfbb63c806f4bdb36fb1111ef9163502861fb6b4343486de530a62c223
                                                                                                                                                                                                                                          • Instruction ID: a81c8f72e5bb37ca450fa0d63ce9f821357a56b502b87db92f8e1ed47da31f9d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e0b3fcfbb63c806f4bdb36fb1111ef9163502861fb6b4343486de530a62c223
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 622104B1D042498EDB20DFAAC984AEEFBF4FF88324F10852AD51967240C7755945CFA1
                                                                                                                                                                                                                                          Function 07001380 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e0191241bae053eaaea19258d381b2ddcc74cd144677b0e2855ba26d37ffdd23
                                                                                                                                                                                                                                          • Instruction ID: d2338ec111b3f24ee42e7423836dc52af4c14efb2310ca30ab3ec9b638174793
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0191241bae053eaaea19258d381b2ddcc74cd144677b0e2855ba26d37ffdd23
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C01106B5D042098FDB10DFAAC981AEEFBF4FF48320F10852AD51967250DB756945CFA1
                                                                                                                                                                                                                                          Function 07001829 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c0e93360f30f224279fd603d593a49a058c8e900e61ae309f7a7c1a3d9c50d55
                                                                                                                                                                                                                                          • Instruction ID: 30ca9f31bb67d36ba960e35361e3de2e9b7ee9089f9abb6c3accab1c60ab2a7a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0e93360f30f224279fd603d593a49a058c8e900e61ae309f7a7c1a3d9c50d55
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD01A2B2A0015DA7F724AA698854BEF7EEB9BC8320F214129E105B73C0CEB50D0187F3
                                                                                                                                                                                                                                          Function 07002B08 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0fcbaaa50a1a59c3681c95227ae50e3bcbb31b9b8997343ee084b053714706ed
                                                                                                                                                                                                                                          • Instruction ID: 66239f25d0fd714163148a9994804dd4d55588c5d8eaa3ccfef6ed5d603b2cc9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0fcbaaa50a1a59c3681c95227ae50e3bcbb31b9b8997343ee084b053714706ed
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 690196B4B002158FDB55EF7850282BE7BE7AFC9652B14057AC90AD7380EF30C9028BD6
                                                                                                                                                                                                                                          Function 07001968 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 14f6c2c405042b69e325cba742fd9bf89a68c1db5fab1925089031a9bd2588ef
                                                                                                                                                                                                                                          • Instruction ID: 83facd956cdb7f71a41a158eaa5afda7d658d232d829e6437d00b34f56d94d55
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14f6c2c405042b69e325cba742fd9bf89a68c1db5fab1925089031a9bd2588ef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D1100756002099FDB04DB94D554AAD7BB7FF8C325F144019E509E7380CF796865CB91
                                                                                                                                                                                                                                          Function 07002A68 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b7afb40f58bc030f13d3f499ec717674ca375577d72597cc9b85a7a4092677cc
                                                                                                                                                                                                                                          • Instruction ID: 23e421c6d6b612f02e73b1e899c4abdee9dcf558c0e5987a7c408c94d41a143a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7afb40f58bc030f13d3f499ec717674ca375577d72597cc9b85a7a4092677cc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC01B175B10111CFD755AFB8E5196BE3BF6FB89721B20046AE809DB360EB319902CBC0
                                                                                                                                                                                                                                          Function 04A1D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2122966224.0000000004A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A1D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_4a1d000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a89f8ad05cc175270110abd1f2f24a4de0b9fe11d849ac753d581aeaf4633961
                                                                                                                                                                                                                                          • Instruction ID: 2d8a8cb9a060c63273476cd5f91edb447d696183663a8e199a6e9160db375a29
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a89f8ad05cc175270110abd1f2f24a4de0b9fe11d849ac753d581aeaf4633961
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F012B715043009AF7118F29DDC4767BF98DF41330F18C42AED4A0B156D379B941C6B1
                                                                                                                                                                                                                                          Function 07001440 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8950c3887ad3acd5e7bdd999f27b912043ec88295308625d65076537be503379
                                                                                                                                                                                                                                          • Instruction ID: 4627874deee36b8b884fc9c084aef69dd7ce108a46514ee32c834baed3738211
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8950c3887ad3acd5e7bdd999f27b912043ec88295308625d65076537be503379
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A601FEB164A34E5FD70A5BB45A3551B3F9BEEC2224789099AD205CF1F2F9245404C3E3
                                                                                                                                                                                                                                          Function 04A1D006 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.2122966224.0000000004A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A1D000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_4a1d000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6dd1833a84739cd00c9f728e80410888a537731a687f7f7633030ccead6e3efd
                                                                                                                                                                                                                                          • Instruction ID: 58180bf5449f11ac2b24bcfd64d8c0b90377a8821b93f243220b3942ba1af5ae
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6dd1833a84739cd00c9f728e80410888a537731a687f7f7633030ccead6e3efd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC015E7140E3C09FE7128B259D94B52BFA4EF53224F1881DBE9898F1A7C269A845C772
                                                                                                                                                                                                                                          Function 07002997 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a0dc35a5dc10a1dff1a7357192a99c43dcfd16a44283508c03c69e4ae26dbb78
                                                                                                                                                                                                                                          • Instruction ID: f154ca8571e43a099bb830f95128325195f05bb1e364c06fdd60e8f4d2a4e430
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0dc35a5dc10a1dff1a7357192a99c43dcfd16a44283508c03c69e4ae26dbb78
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45012D302143458FE70A6B70DA186693FA7EF82330B0444ADE502CF292DF62E84187D1
                                                                                                                                                                                                                                          Function 07001431 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 54ea13ffc5788dfef94d1e025fcc4c4bd14ae0bfd4640319042fd31ab4656d32
                                                                                                                                                                                                                                          • Instruction ID: c231f5eda712ef45d3b297b9351ac927c429aed5e5641ed56f5a5daa193a431c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54ea13ffc5788dfef94d1e025fcc4c4bd14ae0bfd4640319042fd31ab4656d32
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5F0C8B264520F5ED7095FB4662122A3F9AFEC1234785086E9605CF1A2FA24540087D3
                                                                                                                                                                                                                                          Function 07002A78 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7647430728cdb879837ac983d2332314587dddb348c0ed9d5beb3a90eab6322e
                                                                                                                                                                                                                                          • Instruction ID: 0bd59f7ed4beeb0a2349ca3424392bc0ced9066c51a70214f634653f7f7450cb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7647430728cdb879837ac983d2332314587dddb348c0ed9d5beb3a90eab6322e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45016D74B102148FC744EFB8D5196AE3BF6EB89611B100079E509D7350EB31AD02CBC1
                                                                                                                                                                                                                                          Function 070029A8 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b7c1e35b2c49b904f16531c5aed6ce64a77e95fceb2f185f4e392fa81cbeb388
                                                                                                                                                                                                                                          • Instruction ID: cffd353a1cac7133a35fd394003076325cd7d3f0ed5dc111c5fd19c6d8de900c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7c1e35b2c49b904f16531c5aed6ce64a77e95fceb2f185f4e392fa81cbeb388
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1F0B4703003199BEB09ABB4DA1976A3B97EF81730B048528F6028B291DF71E84087D1
                                                                                                                                                                                                                                          Function 07002A20 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d013fd212169e3f235e2f1efddd92fee1eac08258746db5018a86b2c0d3e40f1
                                                                                                                                                                                                                                          • Instruction ID: 9db1cdbb055f3792ab4b6a06d461ec011fc9e22ffc64907ff00a98083ea8ef43
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d013fd212169e3f235e2f1efddd92fee1eac08258746db5018a86b2c0d3e40f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97E0D87030B6A94FD7160B3465181BE7FA96DC363570552DBE447C71C2CF1E89528392
                                                                                                                                                                                                                                          Function 07005EB0 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9f23207282eed388704542f0e6459442f7305c1485a7e289c83f9ade5411a523
                                                                                                                                                                                                                                          • Instruction ID: d9537cd64c8a7d7e8d058c3ae5c3e25d5927538a86451cf26503d77d759de4f3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f23207282eed388704542f0e6459442f7305c1485a7e289c83f9ade5411a523
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FE08C312492641FC311977CA8549967BAD9F4A62072100DBF585CB263CA515C0183B6
                                                                                                                                                                                                                                          Function 070017F0 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 07d40a22f5849fcfe919f81ed2015e2d9b79206288c0fd55b1d2fa6be8c0c2fc
                                                                                                                                                                                                                                          • Instruction ID: 27ab88264c0caed618a6e8a34381842ac983aef399fe3b3140dd9699a9962902
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07d40a22f5849fcfe919f81ed2015e2d9b79206288c0fd55b1d2fa6be8c0c2fc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BE0C2332192546FC3025B64A8518E57FB9EB5A22030400A7F881872A2CE615D21C7E2
                                                                                                                                                                                                                                          Function 07002A30 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7a0990e7d581381c86e924d4e2c787c682aed81fa3fdfa414ec5357dcd7485d2
                                                                                                                                                                                                                                          • Instruction ID: 5cb80c171aff93c06d93c1a00a8a620750cee0e6e15d9870560ff2ff0da1314c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a0990e7d581381c86e924d4e2c787c682aed81fa3fdfa414ec5357dcd7485d2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DD02B7030193D87EA141736650D2BE35CD6B43771F010125F51AC32C0DF0ED94143C6
                                                                                                                                                                                                                                          Function 07002959 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3dd615bb5d89bad97bf2feeae3c507fda1f11116c69d0f21d0f1c12f610ea700
                                                                                                                                                                                                                                          • Instruction ID: 82d0e2459ce8849d8cc70519fc556df2ebc13491a935632a40d90afb0be4ebea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3dd615bb5d89bad97bf2feeae3c507fda1f11116c69d0f21d0f1c12f610ea700
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FE01A7050A2899FCB51CFB4E914679BFFAEF4220573099EFD884D7166DA341A05DB80
                                                                                                                                                                                                                                          Function 07000C48 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4094e1cb8ec9236c9e6131954f41c2cd2879d6e32c2b79d85c19daca2e600d80
                                                                                                                                                                                                                                          • Instruction ID: 8acd161b0c2f103608636d49879eea8348bd4999af002d3663126dafe8c65f48
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4094e1cb8ec9236c9e6131954f41c2cd2879d6e32c2b79d85c19daca2e600d80
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8D0A7313245218BD204625CE854D6D3799DF4A724F40045AF10BC7361C951EC0007C8
                                                                                                                                                                                                                                          Function 07000C0C Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 124aaf63f20b19d0dc3c4c005ec8a69454cd200c218b3709545ad27f2fbc3de2
                                                                                                                                                                                                                                          • Instruction ID: d12c1ab3bae7b47e8dd8bc13781b3c1903ff60117751dbba0e2f8bf6c9eeb7aa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 124aaf63f20b19d0dc3c4c005ec8a69454cd200c218b3709545ad27f2fbc3de2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11D0A77222011C6B83016798DC85ABE7B99EB89370B504427F90283250CD606D1183D6
                                                                                                                                                                                                                                          Function 07002968 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 91a5884df983bf182acd2964dc07c5f6e15ae6973be6c15a08e89bbcbb94e903
                                                                                                                                                                                                                                          • Instruction ID: dde00700a225b2a026466300023a8b584f7d66dfb6518abe620c2024e8a6e986
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91a5884df983bf182acd2964dc07c5f6e15ae6973be6c15a08e89bbcbb94e903
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23D05E7490120ADFCB00DFB4E905A6EBBFEEB45200B2086A5A804D3215EA315E009BC0
                                                                                                                                                                                                                                          Function 07000440 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000003.2121503869.0000000007000000.00000040.00000800.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_3_7000000_rundll32.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8e929c3900ccecc3237fb614bd30a3fa2486503ae298c2deaa01a0390de2bcfd
                                                                                                                                                                                                                                          • Instruction ID: 7e74a25eb07140b6bd58e75d178ea4fe7f77e357ee0a75a92bac5414ebc354dc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e929c3900ccecc3237fb614bd30a3fa2486503ae298c2deaa01a0390de2bcfd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2C0123100F2C06FC7128B249E19886FF7AAAE230032A83DAE08186022C6290A65C772

                                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                                          Function 00007FF848A80C1D Relevance: 28.3, Strings: 21, Instructions: 2014COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 7UK$(7UK$(7UK$07UK$87UK$@7UK$H7UK$P7UK$X7UK$x6UK$x6UK$x6UK$x6UK$x6UK$x6UK$x6UK$6UK$6UK$6UK$6UK$6UK
                                                                                                                                                                                                                                          • API String ID: 0-980883226
                                                                                                                                                                                                                                          • Opcode ID: f0aeb6dac34294c0505a02e3ee71481ebb129313cec3ee0012c6d64fe625b9b5
                                                                                                                                                                                                                                          • Instruction ID: f2a91868e0fc96879241ab6cf0e544846f91dd8a3cf4d252e59e64b102d316d8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0aeb6dac34294c0505a02e3ee71481ebb129313cec3ee0012c6d64fe625b9b5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5F26970D095198FEB98EB28D8997A9B3B2FF59345F5040F9C00ED7285CB75AA81CF24
                                                                                                                                                                                                                                          Function 00007FF848A88295 Relevance: 7.9, Strings: 6, Instructions: 425COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ^$x6UK$x6UK$x6UK$7UK$7UK
                                                                                                                                                                                                                                          • API String ID: 0-996164078
                                                                                                                                                                                                                                          • Opcode ID: ede614af1761fe13bdf352c79c4daff9cfe49971533f8c866b60398ed7cd5e7d
                                                                                                                                                                                                                                          • Instruction ID: 3ccd60b214e015f6b9024c3d73115b1bb79bfbf0c049c5e4e56147fdad451825
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ede614af1761fe13bdf352c79c4daff9cfe49971533f8c866b60398ed7cd5e7d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AF1E370909A1D8FDB98EB68D499BE8B7F1FF19341F1040AAD00DE72A1DB74A981DF11
                                                                                                                                                                                                                                          Function 00007FF848A80C89 Relevance: 7.1, Strings: 5, Instructions: 893COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: x6UK$x6UK$x6UK$x6UK$x6UK
                                                                                                                                                                                                                                          • API String ID: 0-3278357915
                                                                                                                                                                                                                                          • Opcode ID: 569349e5d8283ed2aa28cd6739f831755346510c625bd35fe8a80ba75026af57
                                                                                                                                                                                                                                          • Instruction ID: 95b384d81fd4baa0afe4abb14da3f085832955690dd310355ff4dd99ecf32aa2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 569349e5d8283ed2aa28cd6739f831755346510c625bd35fe8a80ba75026af57
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D72597091991D8FDB99EB18C4997A8B7A2FF58344F6004FDC00EE7295CB75A981CF24
                                                                                                                                                                                                                                          Function 00007FF848A8596C Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: M_^
                                                                                                                                                                                                                                          • API String ID: 0-3807191693
                                                                                                                                                                                                                                          • Opcode ID: e6934a5379c225adc192b7d1dca810650c643a86c0084745bbabfec6fa2ca2d0
                                                                                                                                                                                                                                          • Instruction ID: 3b1f3f6828683987fbf98b907608c0a3471bc8952963f1a12f5f44218c7018cf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6934a5379c225adc192b7d1dca810650c643a86c0084745bbabfec6fa2ca2d0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95B13A26A0E59A4FE314FB3CB8471F877E0EF523A1F0406BBC488CB193EA58554583B6
                                                                                                                                                                                                                                          Function 00007FF848A8C922 Relevance: .5, Instructions: 460COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4de5e0cace83f3b0d716b57dbf794066c1ff074bf6f5e8643a52ebc5157964c6
                                                                                                                                                                                                                                          • Instruction ID: 9f45bd74e4a2398ae358ab737a1dd506478a8111c50fefd59ede4895bd1d19a0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4de5e0cace83f3b0d716b57dbf794066c1ff074bf6f5e8643a52ebc5157964c6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFE1E23090DA8E8FEBA8EF28D8567E977D1FF54350F04426AD80DC7291DF7899448B92
                                                                                                                                                                                                                                          Function 00007FF848A8184E Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c2f3e5c58fba8aac2d2bc38a407794e6a0e1ee58f3f9162e186531f29ed9bc22
                                                                                                                                                                                                                                          • Instruction ID: 663e0ddc28661815bbec5e3874d897eaf10a1f58a5ace1b338e1bf78d6676664
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2f3e5c58fba8aac2d2bc38a407794e6a0e1ee58f3f9162e186531f29ed9bc22
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92817C30D1955E8FE7A8EE24D45A7B9B3B2FF55341F5004B9C00DA7295CBB89A80CF24
                                                                                                                                                                                                                                          Function 00007FF848A81E7E Relevance: .2, Instructions: 190COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dc6410c1f82a8e72c9176a3deef288b4774a61fec8214359572c915267fc3fd6
                                                                                                                                                                                                                                          • Instruction ID: cc3d8ea453cc90f8071558af661c211ef4839adafa54b855e5768b9387c1ad21
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc6410c1f82a8e72c9176a3deef288b4774a61fec8214359572c915267fc3fd6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1614B70D1952D8FEBA4EA28D84A7B9B3B1FF55340F5040F9D00D92281DBB4AE81CF25
                                                                                                                                                                                                                                          Function 00007FF848A81E88 Relevance: .2, Instructions: 178COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c1b0c0b66dd8dfb51dfdf98f076376fc250c7c30ba76e8c0910316f709cc6730
                                                                                                                                                                                                                                          • Instruction ID: 3dd9d5171c8df96f9c8d03988e975854ab0c077a03ceb91a677c70ab30ec9161
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1b0c0b66dd8dfb51dfdf98f076376fc250c7c30ba76e8c0910316f709cc6730
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49514C70D1951D8FEBA4EA28D84A7B9B3B1EF55340F5040F9D00D96281DBB8AEC1CF65
                                                                                                                                                                                                                                          Function 00007FF848A81EB6 Relevance: .2, Instructions: 167COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ef6cff3a78efd0f77878166b87c886fbd2e8d0b988628cd790d9e1d538fac0e8
                                                                                                                                                                                                                                          • Instruction ID: d0afadee9a50275e995fc2a18f5a564d38b7012a39114ff764e817dcff576e3c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef6cff3a78efd0f77878166b87c886fbd2e8d0b988628cd790d9e1d538fac0e8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74511670D1952D8FEBA4EB28988A7E9B3B1EB55340F5041F9D00DD2281DBB4AEC1CF25
                                                                                                                                                                                                                                          Function 00007FF848A81B2F Relevance: 7.7, Strings: 6, Instructions: 233COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: x6UK$x6UK$6UK$6UK$6UK$6UK
                                                                                                                                                                                                                                          • API String ID: 0-1319960264
                                                                                                                                                                                                                                          • Opcode ID: 3b13dd9ea122965d349e822d7ada9ee5a8df3f9c17646c1c2fcdfff10d615a54
                                                                                                                                                                                                                                          • Instruction ID: e29e03b128fb6d92519c99d182ec4609dc426aef40cc7c35dcc900aa82862092
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b13dd9ea122965d349e822d7ada9ee5a8df3f9c17646c1c2fcdfff10d615a54
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7912770D0962D8FDBA4EA28C8857E9B3F2FF55341F5040B9D04DA7295CBB4AA81CF50
                                                                                                                                                                                                                                          Function 00007FF848A8337D Relevance: 4.0, Strings: 3, Instructions: 267COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: h7UK$h7UK$p7UK
                                                                                                                                                                                                                                          • API String ID: 0-661372305
                                                                                                                                                                                                                                          • Opcode ID: c2e318d02565816b7c8afd24f9ce0a67532624d65d9b692d9cff91a0a103a1d1
                                                                                                                                                                                                                                          • Instruction ID: 5a25abd9bc68be0f36c3afc271321a793f961e4f6bc6705ebce0cd2a999dd89c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2e318d02565816b7c8afd24f9ce0a67532624d65d9b692d9cff91a0a103a1d1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04914C3090A61D8FEBA8EB28D4467A9B3B1FF55341F1051B9C00EE7285CF79A981CB65
                                                                                                                                                                                                                                          Function 00007FF848A879CC Relevance: 3.8, Strings: 3, Instructions: 44COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: @\UK$H\UK$P\UK
                                                                                                                                                                                                                                          • API String ID: 0-3685485363
                                                                                                                                                                                                                                          • Opcode ID: aaffd742712352409bd2e85b45dfd7b58a16b1189009e25b6820c9c283afb6fb
                                                                                                                                                                                                                                          • Instruction ID: 51f8c90e4f265e58a4f6bd212a3e8b922f6fba8cd140249a456ee16cd1d4658d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aaffd742712352409bd2e85b45dfd7b58a16b1189009e25b6820c9c283afb6fb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD016230D1988E9EFB84FBA8E4166EDBBB2EF44351F500172D40CD714ECF6468414750
                                                                                                                                                                                                                                          Function 00007FF848A82FFA Relevance: 2.9, Strings: 2, Instructions: 370COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: `7UK$`7UK
                                                                                                                                                                                                                                          • API String ID: 0-697388810
                                                                                                                                                                                                                                          • Opcode ID: 022d72e6cf4a0ad4e809683efe028d82f7ba47a62ce2ca80ba9095d89de49068
                                                                                                                                                                                                                                          • Instruction ID: b2cc3c87106606da9503313ed0fd3074bae8ae4d22b25e320ef05029ef282477
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 022d72e6cf4a0ad4e809683efe028d82f7ba47a62ce2ca80ba9095d89de49068
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83B1B66690E5E65AE301FBBCB8631FD7BA0DF423B9F085177D5CC89083ED18524A83A5
                                                                                                                                                                                                                                          Function 00007FF848A8D7BE Relevance: 2.8, Strings: 2, Instructions: 313COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: @8UK$H8UK
                                                                                                                                                                                                                                          • API String ID: 0-479862761
                                                                                                                                                                                                                                          • Opcode ID: 672bddcc5c9f28929b8bdfffa9a1d5898fccadd31a24e6ed25627f76a183efb3
                                                                                                                                                                                                                                          • Instruction ID: 398c8e43daabfafc9012aad66cca22d2a027da64e3326318dcaadd476424b42f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 672bddcc5c9f28929b8bdfffa9a1d5898fccadd31a24e6ed25627f76a183efb3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31B1B270A1895D8FDF94EF68C899BA8BBF1FF69301F1041AAD00DE7251DB70A981CB51
                                                                                                                                                                                                                                          Function 00007FF848A8D1F4 Relevance: 2.6, Strings: 2, Instructions: 110COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 8UK$(8UK
                                                                                                                                                                                                                                          • API String ID: 0-2078239054
                                                                                                                                                                                                                                          • Opcode ID: ea1b7fb7760441296a2778d932f2193e21fffe77a3174264c5f8bebd9b3ad754
                                                                                                                                                                                                                                          • Instruction ID: 8ba6341be016bd646e27154bd0b3547ece3ebbf50db994267a87e9e677142bf9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea1b7fb7760441296a2778d932f2193e21fffe77a3174264c5f8bebd9b3ad754
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72310330D1990DCFDB94EBA8E486AACBBB2FF59341F500079D00DE7295DB78A8418B25
                                                                                                                                                                                                                                          Function 00007FF848A87A45 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: x6UK
                                                                                                                                                                                                                                          • API String ID: 0-2313944900
                                                                                                                                                                                                                                          • Opcode ID: 1e496cdc0db91c1632d03ec00687b1c83c0bf0e82c451204431f53e81bd0e46e
                                                                                                                                                                                                                                          • Instruction ID: 8d6eacb056ea2f8fabd3f845c375065a92e9c6a4e901d1a74188bf2258bf9dc6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e496cdc0db91c1632d03ec00687b1c83c0bf0e82c451204431f53e81bd0e46e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E418B70D19A5D8FEB41EBA8D4466EDBBF1FF59301F50007AD009DB296CBB8A841CB61
                                                                                                                                                                                                                                          Function 00007FF848A849F1 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: x7UK
                                                                                                                                                                                                                                          • API String ID: 0-2284426611
                                                                                                                                                                                                                                          • Opcode ID: 528bfee10e6712860a3c71efe04ddbadaed27615d5c990cd0aa5059f367256f7
                                                                                                                                                                                                                                          • Instruction ID: e3edbd017f351a2525364fbc21197374dda77dab6eb156f386543afea63e600d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 528bfee10e6712860a3c71efe04ddbadaed27615d5c990cd0aa5059f367256f7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D231EC30A1A64D8FEB84EE68D455BA9B3E2FF55344FA14578D00DC7246CE76E842CB14
                                                                                                                                                                                                                                          Function 00007FF848A83B7D Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: h\UK
                                                                                                                                                                                                                                          • API String ID: 0-2628970029
                                                                                                                                                                                                                                          • Opcode ID: 0ee348460cafcdfed4dca52180a0f04baf28cb6ef64ee3449c1bde0115dccf1a
                                                                                                                                                                                                                                          • Instruction ID: 2562ac12a7e3c3a7084002354c1f03d5f97afcdf79c5d578675210c90cec1be2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ee348460cafcdfed4dca52180a0f04baf28cb6ef64ee3449c1bde0115dccf1a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D911CB71D0E6498FEB04EB68D44A2FEBBF1EF45340F0111B5D009D7292CB78A5448B56
                                                                                                                                                                                                                                          Function 00007FF848A8B679 Relevance: .4, Instructions: 414COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 316abe14f40f0511f3d766753ed58044ce41aa2d1883122f53a70dc9778ce310
                                                                                                                                                                                                                                          • Instruction ID: 9d11ec2a7c62ec11ccb15859bc4765d559063850404529b6bca7aaed63fb818a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 316abe14f40f0511f3d766753ed58044ce41aa2d1883122f53a70dc9778ce310
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5D1E53090DA8D8FEB68EF28D8567E977D1FF54340F04426EE84DC7291CB74A8458B92
                                                                                                                                                                                                                                          Function 00007FF848A8673A Relevance: .4, Instructions: 382COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b3afb083d996a63530f43822205f4cd75100b88c32ec71aa23408b6c7e41827c
                                                                                                                                                                                                                                          • Instruction ID: f3206835656a57bea439ac2960fd431db791f564f4a63c3e0a383b014bfd23e4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3afb083d996a63530f43822205f4cd75100b88c32ec71aa23408b6c7e41827c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04D13D71C0EA8A4FF795EB28984B6A57BE0FF11390F0C05F9D049C71D3EB68980587A6
                                                                                                                                                                                                                                          Function 00007FF848A8C536 Relevance: .3, Instructions: 333COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ba407c0f8d8c3ac8db7a3238794bca3cc1162423a154cdafa476b752e03238fa
                                                                                                                                                                                                                                          • Instruction ID: 36333ad2d3ef6e1356d49132c8193cf643e1fabc26e88b7aeed9df38d764a8e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba407c0f8d8c3ac8db7a3238794bca3cc1162423a154cdafa476b752e03238fa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95B1E53090DA8D8FDBA9EF28D8567E93BD0FF55350F04426AE84DC7292CB749845CB92
                                                                                                                                                                                                                                          Function 00007FF848B70003 Relevance: .3, Instructions: 330COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2184262720.00007FF848B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848B70000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848b70000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 04e297a3aff9ac7ac46ba3c337d31aa969fa191a8f77b7eb0cd521168b130e65
                                                                                                                                                                                                                                          • Instruction ID: e69faf1d6da541ba57db018bb06361977758024c8aa7f66ed5bb4623b496dc57
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04e297a3aff9ac7ac46ba3c337d31aa969fa191a8f77b7eb0cd521168b130e65
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF91F571B0CB884FD759EB6C98986347BE1EF5A750B0901FBD08AC76A3CE18AC028745
                                                                                                                                                                                                                                          Function 00007FF848A8946C Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 55b7b7e6d352c094e0caa323bebbc5f61789639781b78cbcf5aadb0709aca751
                                                                                                                                                                                                                                          • Instruction ID: b64733e9d126121a4e7b305e61bb4e3aa46c3fc847d2bdbd1df59656cc415b25
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 55b7b7e6d352c094e0caa323bebbc5f61789639781b78cbcf5aadb0709aca751
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B518030918A4C8FDB59EF58D845BE9BBF1FB59310F0482AAD00DD3252DF74A985CB92
                                                                                                                                                                                                                                          Function 00007FF848B70853 Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2184262720.00007FF848B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848B70000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848b70000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 04012c65ee42f45f3744f8c8646e0de05f988aec576884c852f387a9a041f111
                                                                                                                                                                                                                                          • Instruction ID: 7461ca94b5b3aa534d9e774b863b705517634b09f20086e17558bddc9ebd75db
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04012c65ee42f45f3744f8c8646e0de05f988aec576884c852f387a9a041f111
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E41F42070CB894FE799AB3C98596747BE1EF87310F4502EFD08EC76A3CA199C428785
                                                                                                                                                                                                                                          Function 00007FF848B704DE Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2184262720.00007FF848B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848B70000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848b70000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 69ffef272b509127f94ef1e751bb56d03a2082651a274a4f9e4b507fffdf4935
                                                                                                                                                                                                                                          • Instruction ID: 44c39165c71320f95312f655a150b212a254d3ea201fa675c520d07d12298ca3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69ffef272b509127f94ef1e751bb56d03a2082651a274a4f9e4b507fffdf4935
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0841F462E0DFC54FE392ABBC48965647FE0EF6A75070900FBC089C76A3DA18AC46C341
                                                                                                                                                                                                                                          Function 00007FF848A8E6D9 Relevance: .1, Instructions: 135COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 626197544b149f490ffc54e1f5bbad995a878d40585565ba22e63c8c8ee51e99
                                                                                                                                                                                                                                          • Instruction ID: 6b692f926881c4b3562a5a73eaaa7020bbcfc175a5ac3c0cbf06ca82be477446
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 626197544b149f490ffc54e1f5bbad995a878d40585565ba22e63c8c8ee51e99
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A141E630D0951DCFDB88EF98D895ABEB7B1FF59300F140469E00AE7291CB75A851CB65
                                                                                                                                                                                                                                          Function 00007FF848A863FB Relevance: .1, Instructions: 129COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 64e17cea36b131718c6ad61e2e6564b6d09af3b7ad24ad26aaae44847ebe2d54
                                                                                                                                                                                                                                          • Instruction ID: a943518698b031b818b90548db3b4cc15a0d74eee64877d1dd29fb01daadf8c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64e17cea36b131718c6ad61e2e6564b6d09af3b7ad24ad26aaae44847ebe2d54
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11313272A1DACE4FEB85EF28E8462E937A0FF55380F100576E419C3186CB75A802C362
                                                                                                                                                                                                                                          Function 00007FF848A847CD Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a66cc45607b4670f9a6d2093755f48aa314e35c4994abb215a1f8ce91f5fc9e8
                                                                                                                                                                                                                                          • Instruction ID: d27b67924cb8044527df6bafb93cf25b9f41e0262087c0cac99a6e9d4eb32922
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a66cc45607b4670f9a6d2093755f48aa314e35c4994abb215a1f8ce91f5fc9e8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1431E262D0F5C69FE701FB78685A2F97BA0FF12644F1900B7D058870D3EE689949C3A6
                                                                                                                                                                                                                                          Function 00007FF848A87C51 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 761d6d1261596df28c32c008737a2267d6e7bea221f2355089b01eb6d79a5523
                                                                                                                                                                                                                                          • Instruction ID: 9a3c77fd05a7d0bbc93ed727dd877386aa73d9e8bc1b1a9158f2108e85351faa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 761d6d1261596df28c32c008737a2267d6e7bea221f2355089b01eb6d79a5523
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D531BF71E1964D8FEB80EB68E8466EEBBF2FF55301F400166D008DB295CB7899418B61
                                                                                                                                                                                                                                          Function 00007FF848A84EFA Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c98fab4fa2415548a610dd2c74d69fbf7b7112352ab704d3cff848f3e9155860
                                                                                                                                                                                                                                          • Instruction ID: 31ca1bc07bd17bad9f9deab152229cd939786f854f6aaf659dd40feffb079037
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c98fab4fa2415548a610dd2c74d69fbf7b7112352ab704d3cff848f3e9155860
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3721D672A0E6CD4FD745EF28E8621EA7BA0FF45320B0402BBE448C7193CE649905C7A5
                                                                                                                                                                                                                                          Function 00007FF848A87DC1 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 46873d023b3ba197d8dfeb3d9f38b1c3cbcc722f6a2d50a5553ee358f7739951
                                                                                                                                                                                                                                          • Instruction ID: b62b8cbeccb0bf508263127adacd466dfd9fa5a1480f723bec70d8b99b531d06
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46873d023b3ba197d8dfeb3d9f38b1c3cbcc722f6a2d50a5553ee358f7739951
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59213A70D19A5D9FEB80EBA8D8496EDBBF1FF58351F000476E008E7252DB34A8418B51
                                                                                                                                                                                                                                          Function 00007FF848A8483D Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6aab14a4965f4be6ff4c926e225001f007465fd13580c842fc2b2020633c716d
                                                                                                                                                                                                                                          • Instruction ID: ee397bd57178e199fad3e13633321a6c6812ffab421096fd101960ecf7948e9f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6aab14a4965f4be6ff4c926e225001f007465fd13580c842fc2b2020633c716d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43110432C0E6C95FE710FF78A8A21F97BA0EF02244F0401B6E44C870D3EE689655C796
                                                                                                                                                                                                                                          Function 00007FF848A8D12C Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1b6ff3bc7a620277eaa267778b63f3a46e62c65d110e0c28b517115de04b8f7d
                                                                                                                                                                                                                                          • Instruction ID: e95eddd8db7b819f07f89b1a2b9860ecfb416b2f7d281b0a151425fd1ba17ea3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b6ff3bc7a620277eaa267778b63f3a46e62c65d110e0c28b517115de04b8f7d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0211A230A1991DDFDF84EBA8E485AECBBB1FF59351F540069E009E3251DB75A8418B11
                                                                                                                                                                                                                                          Function 00007FF848A835AB Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3634682458619624b8404908b3c5667cb231ba2be0762fb25e89e7d830ba49ab
                                                                                                                                                                                                                                          • Instruction ID: 93379cf6aac8f6cc7fd4621d0636c980ad81770a866fd2f354696e5498f546db
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3634682458619624b8404908b3c5667cb231ba2be0762fb25e89e7d830ba49ab
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B01C43090992D8FDBA8EB18E8957EDB2B1FB19340F5054B9900EE3281CB755A84CF15
                                                                                                                                                                                                                                          Function 00007FF848A86E93 Relevance: .0, Instructions: 6COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.2183959750.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d70eb09a5267038c16eb53b5d2935c6e32ec797e7cd7afde16e9bd8f6281adfe
                                                                                                                                                                                                                                          • Instruction ID: daed1f20b0c22eb9b07cd42a62df6dcfbeaed050f8e0da36ef0e939e26bb3ea1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d70eb09a5267038c16eb53b5d2935c6e32ec797e7cd7afde16e9bd8f6281adfe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 609002018CF46E05E4447055384B1D471648745160FCA6861EC1C5814699CE1DD611AE

                                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                                          Function 00007FF848CAF741 Relevance: 3.8, Strings: 2, Instructions: 1286COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: #+_H$'+_H
                                                                                                                                                                                                                                          • API String ID: 0-3077044972
                                                                                                                                                                                                                                          • Opcode ID: 6622317427f8e9ee287f87283a9cd6b7e88f1f5525045b4a20d0482ec947250c
                                                                                                                                                                                                                                          • Instruction ID: c61de41bd6759700f76db809c71cd4c0ca49db91354f3c1ca59cc30271491fc3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6622317427f8e9ee287f87283a9cd6b7e88f1f5525045b4a20d0482ec947250c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D92B270A1DA8A9FEB99FF7884556A9B7E1FF64340F1440B9C40AC7296CF39AC46C740
                                                                                                                                                                                                                                          Function 00007FF848CA66BC Relevance: 1.0, Instructions: 966COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 94302f841e9dab25f0d064abfa65bc98e2b25a87d90c07fadb5bf18eb0bb1b4c
                                                                                                                                                                                                                                          • Instruction ID: da953579593ca9652755bbb12cf2a657b9315c0e74cf74dca6a0369c1d56f28c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 94302f841e9dab25f0d064abfa65bc98e2b25a87d90c07fadb5bf18eb0bb1b4c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4662B170A1DA4A9FE798EA28885AB79B7E1FF54784F5040BDD009C7292DF39EC46C740
                                                                                                                                                                                                                                          Function 00007FF848CA1662 Relevance: .9, Instructions: 933COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a07a32ae0489ddb41a557f356e57a604e8e7f0129ccad3dbcc85b64d2f223a7c
                                                                                                                                                                                                                                          • Instruction ID: 1501aa750149a6227d4be8c4c18b596fcab5eb8cb2ffe53f6f044f003b11e815
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a07a32ae0489ddb41a557f356e57a604e8e7f0129ccad3dbcc85b64d2f223a7c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79529230A1CA498FE794FB2CD459BB977E1EF98340F1445BAD04EC72A2DF24AC458745
                                                                                                                                                                                                                                          Function 00007FF848AA1D9A Relevance: .6, Instructions: 623COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 388effc65d17c0c7948714bc8e0a6496d5494605da5e31d494ed283aa023817b
                                                                                                                                                                                                                                          • Instruction ID: 6273eb7961693d236366f8b6dd79f01aafe4d6a54479a3fef7d89d33fe0d3fad
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 388effc65d17c0c7948714bc8e0a6496d5494605da5e31d494ed283aa023817b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0220470A1DB854FD359EB28809167ABBE1FF96340F04457ED48AC3692CB78E846C792
                                                                                                                                                                                                                                          Function 00007FF848CB51B8 Relevance: .5, Instructions: 538COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 34ab3371f6c7689a150e621f69352c94cda58b8d997ff5ac32901f674be668b4
                                                                                                                                                                                                                                          • Instruction ID: 8d1fe86bb19c9414231fe4b549b399e4f8074aafcaed34992af366ca3bc682e5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34ab3371f6c7689a150e621f69352c94cda58b8d997ff5ac32901f674be668b4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A402C330A1DA498FE795EB28C859675B7E1EF69341F1440BDD04ECB6A3DE29EC46C700
                                                                                                                                                                                                                                          Function 00007FF848CB51BD Relevance: .5, Instructions: 479COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: aa52a448fe3fd688b7f29899e3ed6aa79a5c5ae1a8d2f4ef5cd0f16a25e48cfa
                                                                                                                                                                                                                                          • Instruction ID: c40840488d670ce8b40cad459562e03bba2b96e09502bc3f32cfcbdc0b9e34d3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa52a448fe3fd688b7f29899e3ed6aa79a5c5ae1a8d2f4ef5cd0f16a25e48cfa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84F1BF30A1DA498FE795EB28C459675B7E1EF69341F1440B9D04EC76A3DE2AAC4AC700
                                                                                                                                                                                                                                          Function 00007FF848CB51A0 Relevance: .4, Instructions: 444COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 875073cfeb472e10a8689a82bcbeee296ae0c7525cc64e86c47bf6af0c89795f
                                                                                                                                                                                                                                          • Instruction ID: f4f799b18f220a112656fa28d417481d7ac470c408dc0e4731d3aff555f1f7ea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 875073cfeb472e10a8689a82bcbeee296ae0c7525cc64e86c47bf6af0c89795f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5E19E30A1DA498FE799EB28C859675B7E1EF69341F1440BDD04EC76A3DE2AEC46C700
                                                                                                                                                                                                                                          Function 00007FF848A90D42 Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ac3a34747f4314bfc8478905df412f0097156445f01b7f8dfa381ad17df84548
                                                                                                                                                                                                                                          • Instruction ID: f9cfb8dcc969e2be8dafa007f09af716cdfe1dd3a69360f241e79af6cfd742c9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac3a34747f4314bfc8478905df412f0097156445f01b7f8dfa381ad17df84548
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84B1BA7090E61A8FDB98EF24C8997A9B7B1FF49308F1004FDC01E97291CB396985CB15
                                                                                                                                                                                                                                          Function 00007FF848A94E6B Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8027f647a7cc4558dc15b20dc0f3dcaad248f52311c864b1adc9c901fe3428cb
                                                                                                                                                                                                                                          • Instruction ID: aabe51cd0e2da834150389630c6b251bf5cd4f4cde9de6b478a87fa27df5914f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8027f647a7cc4558dc15b20dc0f3dcaad248f52311c864b1adc9c901fe3428cb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B419F70D0E64A8FD759EF74845A2FDBBF0EF46254F0448B9C009972E2CBB91845CB65
                                                                                                                                                                                                                                          Function 00007FF848AA03DA Relevance: 2.9, Strings: 2, Instructions: 420COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: H$d
                                                                                                                                                                                                                                          • API String ID: 0-989806989
                                                                                                                                                                                                                                          • Opcode ID: 0208f47738b5e44a636341902d9c474f0f085f772307597c4e21d8eaf8e44039
                                                                                                                                                                                                                                          • Instruction ID: 71a2bb1fdd0f8d633518e20c21f77deaf433ff38880cec603ab836e046f52aa7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0208f47738b5e44a636341902d9c474f0f085f772307597c4e21d8eaf8e44039
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFC12330A1DB468FE759FB28844163577E1FFA5380F1445BEC08AC7592CE79F8428796
                                                                                                                                                                                                                                          Function 00007FF848CA50FA Relevance: 2.2, Strings: 1, Instructions: 983COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: M9_H
                                                                                                                                                                                                                                          • API String ID: 0-648284634
                                                                                                                                                                                                                                          • Opcode ID: c456b074c9f27cc96eeea21537049386a3da10dfa6a484f0892d0569312179e9
                                                                                                                                                                                                                                          • Instruction ID: 6655ed86bace4abfd1149782e7aef3973a18d4d98a4804c6a30a09e34eb851d0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c456b074c9f27cc96eeea21537049386a3da10dfa6a484f0892d0569312179e9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE629231A1CB8A9FE798EB68C44567AB7E1FF58380F5484B9D449C72A2DF38E841C741
                                                                                                                                                                                                                                          Function 00007FF848CABEFD Relevance: 1.7, Strings: 1, Instructions: 452COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: _
                                                                                                                                                                                                                                          • API String ID: 0-701932520
                                                                                                                                                                                                                                          • Opcode ID: 87f7de5111b13a1c6f5af1c36d2ebcd8854721965995df721cd70ea12637fc74
                                                                                                                                                                                                                                          • Instruction ID: 9d1ff3449f2c79f30a3ef505596e717509651e4b14305cc6ac60485c0d1ffea4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87f7de5111b13a1c6f5af1c36d2ebcd8854721965995df721cd70ea12637fc74
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4D13631E1DF8A5FEB98EB3898596B977D1EF95780F0401BED049C7293DE28AC068345
                                                                                                                                                                                                                                          Function 00007FF848AA5820 Relevance: 1.7, Strings: 1, Instructions: 415COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: HR_H
                                                                                                                                                                                                                                          • API String ID: 0-1442372905
                                                                                                                                                                                                                                          • Opcode ID: fe04a956ea7229ebd6cdfdd658cf09976199070a5f8b0d252dca72ea3c4e0413
                                                                                                                                                                                                                                          • Instruction ID: 33266f67380c440eed6dd1f9fce2a85dc5665d9971a010acf692975661845db1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe04a956ea7229ebd6cdfdd658cf09976199070a5f8b0d252dca72ea3c4e0413
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BA17922F1EE0A4FE3E5E5AC645A27863C1EF986E1F10017BC44DC72D6EE58DC06436A
                                                                                                                                                                                                                                          Function 00007FF848A9E6F8 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: d
                                                                                                                                                                                                                                          • API String ID: 0-2564639436
                                                                                                                                                                                                                                          • Opcode ID: 73cc607c03de277937e579e8e69f26d7a722b80c52e0479155e4ab60b7ea706e
                                                                                                                                                                                                                                          • Instruction ID: 5e767a2edcf3cecc3ef41a9d439af3581ff29f74ded8d879c459f6e16565f90b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73cc607c03de277937e579e8e69f26d7a722b80c52e0479155e4ab60b7ea706e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CC1D030A1DB458FD768EA18D442636B3E1FF99384F14497DD08A83A96CE75F8438B86
                                                                                                                                                                                                                                          Function 00007FF848AA3550 Relevance: 1.6, Strings: 1, Instructions: 373COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: d
                                                                                                                                                                                                                                          • API String ID: 0-2564639436
                                                                                                                                                                                                                                          • Opcode ID: e91327b2ab30a6a581e4459e71675a85994f68103bfba16c7fd11e7f8fd0e24b
                                                                                                                                                                                                                                          • Instruction ID: d0df375caef5fa3586bd9f1a7d9055444cb712789ae26b6787e428d356e53bd1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e91327b2ab30a6a581e4459e71675a85994f68103bfba16c7fd11e7f8fd0e24b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4B1DF30A1EB468FD728EA18D442535B3E1FF94380F14497DE08AC3A96DB75F8428B96
                                                                                                                                                                                                                                          Function 00007FF848A9BC68 Relevance: 1.6, Strings: 1, Instructions: 310COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ]L_^
                                                                                                                                                                                                                                          • API String ID: 0-3495117231
                                                                                                                                                                                                                                          • Opcode ID: 899939920365ffb12ce88ee1e8058603e67c4f8e6d054d8c79490cb4a80508c6
                                                                                                                                                                                                                                          • Instruction ID: da13d2936696b85d4f721dfb7e63c13a05b6b7af480a10f77da930165aab1ab6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 899939920365ffb12ce88ee1e8058603e67c4f8e6d054d8c79490cb4a80508c6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3491D662A0E6D11FD302F7BC78571FD3BA0DF432B5B0945F7C4888A493E958198A83A6
                                                                                                                                                                                                                                          Function 00007FF848CB17A6 Relevance: 1.6, Strings: 1, Instructions: 305COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                          • API String ID: 0-2852464175
                                                                                                                                                                                                                                          • Opcode ID: cadee2223b306db369721d197219e8c3615489a81da9fc56b4d4b58f621ef2d4
                                                                                                                                                                                                                                          • Instruction ID: 5b29ebe12a916328eb57838f74bfe5fa4ec0e4205755fc67ca6f7f089d7f817b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cadee2223b306db369721d197219e8c3615489a81da9fc56b4d4b58f621ef2d4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7914931A0DF854FE7A5EB28A44667577D1EF99350F0401BFD089C7297CA29AC46C386
                                                                                                                                                                                                                                          Function 00007FF848AA7195 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: \
                                                                                                                                                                                                                                          • API String ID: 0-2967466578
                                                                                                                                                                                                                                          • Opcode ID: 910c9ac198c0ae044ee7b9974a9fcdbc8b4b47ee07b0d36eee95f33df78dfdf6
                                                                                                                                                                                                                                          • Instruction ID: 542c3b835dfa69c36d6b0cd8cffb190fda4e6f1d2d8ab98ef20c2d7b2ed8cabf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 910c9ac198c0ae044ee7b9974a9fcdbc8b4b47ee07b0d36eee95f33df78dfdf6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F981C070A1DB498FE768EF28841A67AB7E1FF98340F00457ED48DC3292DF74A8418756
                                                                                                                                                                                                                                          Function 00007FF848AA465D Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 8M_H
                                                                                                                                                                                                                                          • API String ID: 0-700291576
                                                                                                                                                                                                                                          • Opcode ID: abea43d9e69da3582d2c46601694c5f2a9ae1e29fb32467d743a9694a3523c0d
                                                                                                                                                                                                                                          • Instruction ID: 8f1d5c1bdf23424a595ad7eae3ccca6f0cee56b7c9e6608a887dbe70973c49bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: abea43d9e69da3582d2c46601694c5f2a9ae1e29fb32467d743a9694a3523c0d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24812430A1EB898FD755EF28D0825B5B7E0EF55390F14067EE48AC3A92DF75E4428742
                                                                                                                                                                                                                                          Function 00007FF848A9813C Relevance: 1.4, Strings: 1, Instructions: 179COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: X
                                                                                                                                                                                                                                          • API String ID: 0-3081909835
                                                                                                                                                                                                                                          • Opcode ID: ac72197adecc421903255b18863cc0a81616ffe4537c9c0f48f829c2d7ffc027
                                                                                                                                                                                                                                          • Instruction ID: acb4bb179d3ab9466415a1a5b7ee4c36c2a387f011f39e3c09d68017a807c67b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac72197adecc421903255b18863cc0a81616ffe4537c9c0f48f829c2d7ffc027
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F61577080E61D8FDB58EB68C84A7EDBBB0EF09354F5005BAD009A72D2DB781985CF16
                                                                                                                                                                                                                                          Function 00007FF848A9FAD3 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (W_H
                                                                                                                                                                                                                                          • API String ID: 0-1746266305
                                                                                                                                                                                                                                          • Opcode ID: 69bb6d786a6448095a134d3ac65f04c42eb341136ada91f1f041ad424a706a38
                                                                                                                                                                                                                                          • Instruction ID: dd0b06461e3b587bfe54a8df216e3aa6244ff9846796f1149b8d6534ea0ec56f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69bb6d786a6448095a134d3ac65f04c42eb341136ada91f1f041ad424a706a38
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4415A71D1995A8FEBA9EF28D8997E8B3B0FF58745F0005F9840CD3296CE346AC18B11
                                                                                                                                                                                                                                          Function 00007FF848A9EFD3 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: WL_
                                                                                                                                                                                                                                          • API String ID: 0-3658996107
                                                                                                                                                                                                                                          • Opcode ID: 162e6782e584ea740ab478ebba4c92dc90c8f2d11e82a2489652d9734f5fefa0
                                                                                                                                                                                                                                          • Instruction ID: 00d89d379d6dbc0db2515206418d507ba7b74bf0e3a7d72a7470aa0a2d0d67df
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 162e6782e584ea740ab478ebba4c92dc90c8f2d11e82a2489652d9734f5fefa0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB21056290E6D54FE752FB3CA8661F93FA0EF43298F0801F7C588CB083EE1819498756
                                                                                                                                                                                                                                          Function 00007FF848AA3215 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: =K_H
                                                                                                                                                                                                                                          • API String ID: 0-451810680
                                                                                                                                                                                                                                          • Opcode ID: bf9560a14278bb80ce3d9b89fb4796872372a2807900c1c985dd1ae1b9a3d3bb
                                                                                                                                                                                                                                          • Instruction ID: 41497b0ab0d8305c4c7f45d691ac2da483f19c91bddf5861355f5ca3e986cd7c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf9560a14278bb80ce3d9b89fb4796872372a2807900c1c985dd1ae1b9a3d3bb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2F0A721B1AE491FDD58F23850567BA23D1DF95380F44043AD50EC3685DE9868474356
                                                                                                                                                                                                                                          Function 00007FF848A9BB22 Relevance: .7, Instructions: 730COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e12e33c8257bf44b10bd11217f974c9854321ace189cdbed961b10347e52dad6
                                                                                                                                                                                                                                          • Instruction ID: 2b7cac4a0a4c411043e9d7988b3280f60ebd2834267eebef921456713da42b8e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e12e33c8257bf44b10bd11217f974c9854321ace189cdbed961b10347e52dad6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33324430A1DB868FD759EB2C8492239B7E1FF86780F14447DD08AC3692DB68F8468757
                                                                                                                                                                                                                                          Function 00007FF848A9A020 Relevance: .5, Instructions: 541COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a63a65ce8f855c23e0b9ae9f16a96f184671a30b0f1c0d517c5a8e6c8d169cba
                                                                                                                                                                                                                                          • Instruction ID: 75d52f29a4a2ef24a6f38a1574e4453347bc0c8232a28dd9b23e12eccbe9f033
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a63a65ce8f855c23e0b9ae9f16a96f184671a30b0f1c0d517c5a8e6c8d169cba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4602B670A1DB898FE758EF2884566BAB7D1FF98340F00457ED48DC3292DF74A8418B56
                                                                                                                                                                                                                                          Function 00007FF848A9F08F Relevance: .5, Instructions: 540COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 70dee34e5987dba3373957c1a5552a20e4c259b110c14da7b328aa2e4a937a3e
                                                                                                                                                                                                                                          • Instruction ID: f4298ce4efcdfb50e50afccaf465a2a7ecdec623bdf28f649e0ec97a139b773a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70dee34e5987dba3373957c1a5552a20e4c259b110c14da7b328aa2e4a937a3e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6123D70D199599FEBA8EB28D8857ACB7B1FF58344F0005FAD40DD3292CF746A828B15
                                                                                                                                                                                                                                          Function 00007FF848AA3DE1 Relevance: .5, Instructions: 488COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0f1dbd7c8c5a40c71b73275cd0d003ee1adaff37e31e9bd000dc98ac0cac4a6e
                                                                                                                                                                                                                                          • Instruction ID: 5250c31a24cdc4f2c03225be28b47ea467e8e13f088c8f618b127ab36b9c633f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f1dbd7c8c5a40c71b73275cd0d003ee1adaff37e31e9bd000dc98ac0cac4a6e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FE1C630E1EA498FEB99EB2C98557A8B7F1FF55380F0001BAD00DD3692DF3968828755
                                                                                                                                                                                                                                          Function 00007FF848A9D73D Relevance: .5, Instructions: 485COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a84c7e6fed04da9b1941ed5d50926fae3a23bd80f42fe03bd37d1da621a4f025
                                                                                                                                                                                                                                          • Instruction ID: f5cdc285e0f0bfe92353c18616406b2ba7ed93d621c39e46e8fb0eb212c75c0c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a84c7e6fed04da9b1941ed5d50926fae3a23bd80f42fe03bd37d1da621a4f025
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8E15C62D0E9C60FE365F63C68171B83B90EF426A4F1449FBC089870D7DE5D988783A6
                                                                                                                                                                                                                                          Function 00007FF848CB12E5 Relevance: .5, Instructions: 458COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7d82513a91421f4ac607ed8a5656407ddd5b5826ae2c2bdfb2416d7dfeab4639
                                                                                                                                                                                                                                          • Instruction ID: 23ffb990619b78354f70ce420a4faeed76842ce8e829ad6c95970df22a2920af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d82513a91421f4ac607ed8a5656407ddd5b5826ae2c2bdfb2416d7dfeab4639
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76E10831A1CA4D8FDFC8EF18D495AA937E1FFA8394F14016AE40DD7295CA34E842CB85
                                                                                                                                                                                                                                          Function 00007FF848CB2D7A Relevance: .4, Instructions: 441COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fffb1ae35c8e1d1bcfce1cb9247c03dbc813e4d044dbc77cb1fdc28d4d7314e4
                                                                                                                                                                                                                                          • Instruction ID: 04a5e73550651ef85ef6b3b8f702c1caf46998900a7311be3a02bda47fe69490
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fffb1ae35c8e1d1bcfce1cb9247c03dbc813e4d044dbc77cb1fdc28d4d7314e4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9E19631A0CE8A8FDBD5EF2CD455A693BE1FF69750F0500BAD049C7296DB28AC42C785
                                                                                                                                                                                                                                          Function 00007FF848AA35ED Relevance: .4, Instructions: 440COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 52a11295e583b57077875c7f4db2e06bfc8c4101599e4e057235451e9b2dd0c7
                                                                                                                                                                                                                                          • Instruction ID: ef57b3c7656c289cf0ebecaf8c42315c13935ea15675d8a6d64110af5b018341
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52a11295e583b57077875c7f4db2e06bfc8c4101599e4e057235451e9b2dd0c7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ADD13762E0E6864FE755FA7CE8561FD7BA0FF867A4F0400BBC0488B197DA289905C395
                                                                                                                                                                                                                                          Function 00007FF848A9A7D3 Relevance: .4, Instructions: 433COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6b9d0b10654927142e669594b52cf549b9cbd844273fc2bc1478230451155a20
                                                                                                                                                                                                                                          • Instruction ID: c0c81c7543f146440d4ee87342fabe3cc73c5239cc070665136437b45854482e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b9d0b10654927142e669594b52cf549b9cbd844273fc2bc1478230451155a20
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3C10962E0F9C21FE212FABC78031FC7B60EF426F9F0945B7C0484A0D7D959654A82A7
                                                                                                                                                                                                                                          Function 00007FF848A9AAE8 Relevance: .4, Instructions: 407COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8b48714a368d22d42c6b1c56e9916a31c05e7994b0758dc7879ef6adf589b14d
                                                                                                                                                                                                                                          • Instruction ID: 46b8958cf35d14fcb6d7560fcb9a7c05329601153b565461c9ff63e180b9d4db
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b48714a368d22d42c6b1c56e9916a31c05e7994b0758dc7879ef6adf589b14d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29C14720A0EA9E4FEB85EB2C44597783BD1EF55744F0404FAC40DCB1A3EF68AC4A8356
                                                                                                                                                                                                                                          Function 00007FF848CA03BD Relevance: .4, Instructions: 386COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b297387bbb7b3367bf637534b05917dccc2058b351f147ee454a594a671981b3
                                                                                                                                                                                                                                          • Instruction ID: f24f3d8df63f4f0570d35f97dbb395c9abd8d7fb3b14834ff7a4a8185dc470b4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b297387bbb7b3367bf637534b05917dccc2058b351f147ee454a594a671981b3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EB1F331E1DB8A8FE799FA3C54592B97BD1FF99790F0400BAD049C3293DE28AC468345
                                                                                                                                                                                                                                          Function 00007FF848A9E189 Relevance: .4, Instructions: 376COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4942f398d19afc7b76afc9629c67f34cc47e370e9b01bf502bf14e082ea9a77a
                                                                                                                                                                                                                                          • Instruction ID: 4bad4904184e2b8e62ec08009ab85060be01ce1807828dd393b9dad800c12c9c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4942f398d19afc7b76afc9629c67f34cc47e370e9b01bf502bf14e082ea9a77a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CB13830A1DA854FE748FB3C844657A7BE1EF95744F0445BED04AC72A3DE68EC428742
                                                                                                                                                                                                                                          Function 00007FF848A9CE10 Relevance: .4, Instructions: 374COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 99f8514ef97d8d73a52b6ff739c7bd27d409c333ce099cf71db78817ada1a562
                                                                                                                                                                                                                                          • Instruction ID: f4db39d26f82d966c2dc49953934f4e348138c1a8b690c0b626ad27d0fcbdaf8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99f8514ef97d8d73a52b6ff739c7bd27d409c333ce099cf71db78817ada1a562
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79C1D131E0DE8A9FE784FB6894567BDB7E1FF54750F1401BAC00DC7282DE6868828B52
                                                                                                                                                                                                                                          Function 00007FF848AA48B0 Relevance: .4, Instructions: 350COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d0f1028491a542bedd20c970280270da1cdfa9dfba96b1aca33912930d7ed44c
                                                                                                                                                                                                                                          • Instruction ID: d05f9e80499c7fde46e36c81209dc6b071d415e05d362fc1c0d9a4eda8dcb1ca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0f1028491a542bedd20c970280270da1cdfa9dfba96b1aca33912930d7ed44c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19A15831B0EE494FE7A9E72C945677937E1EF99380F0801BAD04EC7A92CF589C468356
                                                                                                                                                                                                                                          Function 00007FF848A986DA Relevance: .3, Instructions: 349COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3eb3e330bf5f3c7d7d9a77a1b4f5ea476ff838270e2f122c5b4b094f56144ff4
                                                                                                                                                                                                                                          • Instruction ID: 826535ab43dd4fa6f4f9bd2d105f88155480b26ce31c305aab86f75c8e8252ef
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3eb3e330bf5f3c7d7d9a77a1b4f5ea476ff838270e2f122c5b4b094f56144ff4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45C11631D0E65A8FE795EB6488067F8BBF1EF46394F0401BAC04DD7192CB781846CB66
                                                                                                                                                                                                                                          Function 00007FF848A9DFB9 Relevance: .3, Instructions: 330COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8dd41109ba11d2845fc4972d30f148bc09b7a04cfef098eea42db3f8ff25aeba
                                                                                                                                                                                                                                          • Instruction ID: 47c171a393453e6a234812cdbc3710c7960166d0cef893a65bb8d3f814f4ff46
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8dd41109ba11d2845fc4972d30f148bc09b7a04cfef098eea42db3f8ff25aeba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8916631A0DA854FE749EB3C884A5753BE0EFA6354F0405FED449C72A7EE68AC42C742
                                                                                                                                                                                                                                          Function 00007FF848CA8FD3 Relevance: .3, Instructions: 327COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d5bec5bc4d558202d2285220462e0fc984b6f0d4f5d8303a24dc8f4b6a35a30f
                                                                                                                                                                                                                                          • Instruction ID: 98bb5f2aca24ba4e0cfedd53ee9ea15b3ad02425d0e5027f3108b925c91fd508
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5bec5bc4d558202d2285220462e0fc984b6f0d4f5d8303a24dc8f4b6a35a30f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6A14971E0DB8A4FE796EA7C985A2B47BE0EF55390F0401FAC049C7196DF296C0B8740
                                                                                                                                                                                                                                          Function 00007FF848A9DC17 Relevance: .3, Instructions: 313COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5d383748f23d7c56ddc328336b17de5699ec016d91bec38d36db4c938e1452a7
                                                                                                                                                                                                                                          • Instruction ID: 33009be2b76bee0ecc2c741ae1232bf3f38f226d8159a5d1b8e2f98fd083cb62
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d383748f23d7c56ddc328336b17de5699ec016d91bec38d36db4c938e1452a7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B791863160DB494FDB58EB2898426B5B7E1EFA6354F04067EC08DC3292DF65F8468396
                                                                                                                                                                                                                                          Function 00007FF848AADE00 Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2815b133cdbb77be1c869d6f78eaee480222fe5dbd06f8be47e10c38b7a33caa
                                                                                                                                                                                                                                          • Instruction ID: 27b5fb43df1c05b8503bb952b92ed2fb8730f72cd81b995ca94399105240d4d1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2815b133cdbb77be1c869d6f78eaee480222fe5dbd06f8be47e10c38b7a33caa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27813931B1DE090FE6A4FA2CA45A7B933C1EF947A0F0401BAD44DC7296DE999C434396
                                                                                                                                                                                                                                          Function 00007FF848A9A0A0 Relevance: .3, Instructions: 299COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6a7ad60277341bb7fe4fc5afabfc63dd66a1eb9247de4aac0a2f6104086fc772
                                                                                                                                                                                                                                          • Instruction ID: e3821635c85ce7b594fbf10693e0cfef73d0b85ab36996ffaa1da47a877f3133
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a7ad60277341bb7fe4fc5afabfc63dd66a1eb9247de4aac0a2f6104086fc772
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B81E570B1DA094FE694FA3C941B67977D2EF98790F4001BED04EC3292DF69AC428756
                                                                                                                                                                                                                                          Function 00007FF848CA3545 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7e5021c9d590c03f380da87255c3d08ce8b8980b68ab0d41050248a7855bf208
                                                                                                                                                                                                                                          • Instruction ID: 8173c5c8dad232781a1e90d184f75cbd955e2840cd4a40cdce65824df85c9496
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e5021c9d590c03f380da87255c3d08ce8b8980b68ab0d41050248a7855bf208
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A181C43070DA494FD7E9EB3C946A7757BD0FF4A350B1500FAE48AC72A2DA19DC428785
                                                                                                                                                                                                                                          Function 00007FF848A973E1 Relevance: .3, Instructions: 293COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4cf0048ded0ccffe54907526fda4b5923f04eac628be12b5d9ee25417a9b4f6e
                                                                                                                                                                                                                                          • Instruction ID: cf6fc44efc243c844cecbc4616326e432d68c5e97d527220727e35d5185de01a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4cf0048ded0ccffe54907526fda4b5923f04eac628be12b5d9ee25417a9b4f6e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3B1047090EA1D8FDB94EF68C895BADBBB1FF59300F1044A9C00DE7291CB74A981CB25
                                                                                                                                                                                                                                          Function 00007FF848A9EA70 Relevance: .3, Instructions: 281COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b20861b18c334f87ddc1c69057b90964755cc4404791c9f3d555f8d739b17bdc
                                                                                                                                                                                                                                          • Instruction ID: 7b1e11138fe557e25239dffab08f133f0c17971e1ab8f1104c063de26be1b80e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b20861b18c334f87ddc1c69057b90964755cc4404791c9f3d555f8d739b17bdc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1171E431E1D98A5FEB88FA28944B9B837D1FF65740F00017DE94EC3197EE54AC068796
                                                                                                                                                                                                                                          Function 00007FF848A97DC8 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 43999116ad31e2581e00a3e74c636b581ecb577dceed07e1ca7971cb3fe7de30
                                                                                                                                                                                                                                          • Instruction ID: 8aef9ca3af90cf22cdce005762a803a669582eb12055a0df861c7ef74e16521c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43999116ad31e2581e00a3e74c636b581ecb577dceed07e1ca7971cb3fe7de30
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46919E71D1EA8E8FE798EF68D8466ADB7E1FF55784F000979D009D3182DFA8A8018761
                                                                                                                                                                                                                                          Function 00007FF848A94610 Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 64b2ce577e1530a46e62ef8b6e28ea68fbc04bc2c5cda3ef0a1a1c2d8e0ddee1
                                                                                                                                                                                                                                          • Instruction ID: 35271fc4cadd5506716a6b6838c3d6194430d17eb89b62c5051e070cf69f9dc4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64b2ce577e1530a46e62ef8b6e28ea68fbc04bc2c5cda3ef0a1a1c2d8e0ddee1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2391AE70909A8E8FEB84EF68C849AEEBBF1FF55304F1405B9D408D72A6DB349846C740
                                                                                                                                                                                                                                          Function 00007FF848A9A015 Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 109752a3c39dc06892cd08901fcddf2a97272076ed19663d8999577d9cc09c8a
                                                                                                                                                                                                                                          • Instruction ID: 296024e510759e7a05ff97b087191e563eb3d7cbb4cdd139d13f26f4b7b32e24
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 109752a3c39dc06892cd08901fcddf2a97272076ed19663d8999577d9cc09c8a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D812531D0DF869FE694FA2884567B9B3E1FF947C0F0805B9C04AC7582CF68E8428B56
                                                                                                                                                                                                                                          Function 00007FF848A9BC6D Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a3ecce3ff4e886cff822053c6fd0d32306c7a66197e8b9d388eefe668c537275
                                                                                                                                                                                                                                          • Instruction ID: 37c879db95894112f9125c9257100ba9164aafe4ab5164d2961d6442f82da595
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3ecce3ff4e886cff822053c6fd0d32306c7a66197e8b9d388eefe668c537275
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51810470E1DA9AAFE744FBAC98566FCB7E1FF48390F040576C009D7293DE6868468712
                                                                                                                                                                                                                                          Function 00007FF848A94053 Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a73edb01aca79ed28f3a5368ac2f8dc18d646174ed78765c9e8494e080655d81
                                                                                                                                                                                                                                          • Instruction ID: a1f42ea23d49df308ddb9f815f46cb5d0e0992faad4c110e63dbc4a07603a507
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a73edb01aca79ed28f3a5368ac2f8dc18d646174ed78765c9e8494e080655d81
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61810031C0F65D8FE754EB6488462FCBBA0FF56394F50067AC04D972D2DB7828468B56
                                                                                                                                                                                                                                          Function 00007FF848CA2CD3 Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dfbb33ef0e97354ffb3be0322cf546a4f1aebc2422f652a429b150b36cfce4c6
                                                                                                                                                                                                                                          • Instruction ID: 2590b80cb2062158bed29cc0a85bb3b5315db6259d520f9b72a0440dd92ffc2b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfbb33ef0e97354ffb3be0322cf546a4f1aebc2422f652a429b150b36cfce4c6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49718D31B0DA698FDB94FB6C94596F877E1FF59351F0400BAD08DDB2A3CA28E8418754
                                                                                                                                                                                                                                          Function 00007FF848AA71F8 Relevance: .3, Instructions: 251COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: da16b19554101e49f694fc810dc494541b6a83a2565cc1180682132ff6fe3c4c
                                                                                                                                                                                                                                          • Instruction ID: 00f064043a348b34554bfc55bc136c13dc5bd341d6a23403e7816c8a93e4038e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da16b19554101e49f694fc810dc494541b6a83a2565cc1180682132ff6fe3c4c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D81C470A1DB498FE768EF28844A67AB7E1FF98740F00457ED48DC3291DF74A8418B56
                                                                                                                                                                                                                                          Function 00007FF848CA4949 Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c9a8a67582e087dc1e986a591a9e569d24786c82a55834dc57fbc29ed052cc4d
                                                                                                                                                                                                                                          • Instruction ID: 2e7b80c9d1dc92ee4975a85d4bb915132d55f5a5a558f5c1a9c4e6b181702741
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9a8a67582e087dc1e986a591a9e569d24786c82a55834dc57fbc29ed052cc4d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED717D31A0CA5A8FEBD4FB2C94597A87BE1FF58784F0441BAD44DD3692CF28AC418748
                                                                                                                                                                                                                                          Function 00007FF848CA03EC Relevance: .2, Instructions: 234COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7556dc645638ddf042dee53635f4ec83ad0b14cad89bcddb04f4b5c22e5c98f8
                                                                                                                                                                                                                                          • Instruction ID: 0244a6c59793f5d0c2497666225bb5de66a9981f4fc64a36ab98a236344c6ea5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7556dc645638ddf042dee53635f4ec83ad0b14cad89bcddb04f4b5c22e5c98f8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4151B131A1CE8A8FE798FA2D545477577D1FF98B80F4500BAE04DC3296DE28AC468389
                                                                                                                                                                                                                                          Function 00007FF848A94667 Relevance: .2, Instructions: 228COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bbee61649ed130c73bde3e6702730f4b525aa27f9d3f46fb2b036f8b9974a6f1
                                                                                                                                                                                                                                          • Instruction ID: c0a0511b63715a1e43b58fbca17696b8d60ab726d55bc18393342a77b0b864ff
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbee61649ed130c73bde3e6702730f4b525aa27f9d3f46fb2b036f8b9974a6f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1881A370919A8E9FDB84EF68C849AEDBBF1FF59300F1445B9D408D72A6DB349846CB40
                                                                                                                                                                                                                                          Function 00007FF848A98D32 Relevance: .2, Instructions: 227COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9c7084853a71b9038afed01061b92c0966e42bcd1d3aad7a912243c62827ff97
                                                                                                                                                                                                                                          • Instruction ID: 54f8e944b296b602df13fc7799075c66f5bc542d439984872a9c389af447d31d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c7084853a71b9038afed01061b92c0966e42bcd1d3aad7a912243c62827ff97
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B771DF7090E64D8FDB85EBA8C855AEDBBF1FF46350F1001AED009D7292CB795842CB11
                                                                                                                                                                                                                                          Function 00007FF848A94C41 Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b3b03bdba5840b82e3521d491987ca915b336347ce5f4ebb7715edef1d7ad03f
                                                                                                                                                                                                                                          • Instruction ID: f4b72ecaa47cce09becf70f19a800da728506a52b309e8a76996f774ca742c5a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3b03bdba5840b82e3521d491987ca915b336347ce5f4ebb7715edef1d7ad03f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B461D37190EA8D8FE795EB78980A2A87BE0FF15350F0405FAC00DDB2A2CA695C46C711
                                                                                                                                                                                                                                          Function 00007FF848CB51FA Relevance: .2, Instructions: 213COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5943c6a1bb6955109cdb33ea724b7ec251d83a5b7d6e79936193bac280d62184
                                                                                                                                                                                                                                          • Instruction ID: b4a591b5fd8437cd568aaf62a7337e1895f16722d6488bb15ae206faeffd9b51
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5943c6a1bb6955109cdb33ea724b7ec251d83a5b7d6e79936193bac280d62184
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44511A62D0EFC61FE796E63868561F57BE0EF622A4F0800BBC089C7193EE196D568345
                                                                                                                                                                                                                                          Function 00007FF848CA9DFB Relevance: .2, Instructions: 213COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 44c48779c60a70387e324fd8eaba3eae20d8434337a9ef6bb90f6c9221279b8d
                                                                                                                                                                                                                                          • Instruction ID: cb6765524e88ceb2c32723b969e5a9fed58015da95049773a9dcc3fac2e52850
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44c48779c60a70387e324fd8eaba3eae20d8434337a9ef6bb90f6c9221279b8d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE61783190DF8A9FEB99EB78885A6BA77E1EF91350F0440BED049C7192CF38A8458740
                                                                                                                                                                                                                                          Function 00007FF848A9E788 Relevance: .2, Instructions: 211COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 35d338799d9d72d053f78a148ff472b0bf0d2160105fab161af2727fcea05074
                                                                                                                                                                                                                                          • Instruction ID: afd164090519191b9066cdfd52cb454e39728a4d6df389a65e49006f27ba842d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35d338799d9d72d053f78a148ff472b0bf0d2160105fab161af2727fcea05074
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6451223161DB0A8FD768FB189485A7173E0FF99390F140679D48DC3652EA69F8828396
                                                                                                                                                                                                                                          Function 00007FF848AA35E8 Relevance: .2, Instructions: 210COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 11b94318c950069d604f6a5985285b85f88a839fe4012bd24ecedc4faceb4af0
                                                                                                                                                                                                                                          • Instruction ID: ed4096b3a97aeac249fa390e2b46c704a096a1b6d97a8fbec0fb803ce90795ac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11b94318c950069d604f6a5985285b85f88a839fe4012bd24ecedc4faceb4af0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB51243061EB0A4FD759EF28988557173E0EF99390B1402BDE44EC3A52DB29F882874A
                                                                                                                                                                                                                                          Function 00007FF848A9A840 Relevance: .2, Instructions: 201COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d67156f7f1ba8eef3cc84a4c1f1041318768d81ec560f335959c0206a3518b75
                                                                                                                                                                                                                                          • Instruction ID: cd1b864b1da3609c9fef8f617b27f43db43c1e6b255aebd4e73cf6d54298117e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d67156f7f1ba8eef3cc84a4c1f1041318768d81ec560f335959c0206a3518b75
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC51A352D0F9D21EF252F67C38171BC6B90EF126E8F0949B7C04C4A0D7DE487A8652AB
                                                                                                                                                                                                                                          Function 00007FF848A9A848 Relevance: .2, Instructions: 195COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a1b3d278deef15d4f3e7fd364996080429e34b7579590e5ba4100f1c223d6839
                                                                                                                                                                                                                                          • Instruction ID: 9ddc405ae2ce51e8af8ea760e97f8199027f36fac9941994a33509e4a9d3adc3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1b3d278deef15d4f3e7fd364996080429e34b7579590e5ba4100f1c223d6839
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A519252D0F9D21EF252F67C38171BC6B90EF126E8F0949B7C44C4A0D7DE487A8652AA
                                                                                                                                                                                                                                          Function 00007FF848AA555D Relevance: .2, Instructions: 188COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 964f57f53677dab7e264f6d6856b29ae35eb680dd121cacf71c36141c306921d
                                                                                                                                                                                                                                          • Instruction ID: 8730fd896ba431d10695ef509e90302d8b3b4bf303818b5fe847bb66c8b124b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 964f57f53677dab7e264f6d6856b29ae35eb680dd121cacf71c36141c306921d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D416932B0EF0A0FE798EA5CA8426B577D1EB453E0F4401BAD40DC3696EE5AEC434359
                                                                                                                                                                                                                                          Function 00007FF848CA8240 Relevance: .2, Instructions: 188COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a1218456c8da2ab3c8c08f693997434bb70ed372ba225ee0fa8604b6be967edc
                                                                                                                                                                                                                                          • Instruction ID: 1d89918e3db8f8a122d6bd1650247d69f3e383b4233b071a0e85282f34d87033
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1218456c8da2ab3c8c08f693997434bb70ed372ba225ee0fa8604b6be967edc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E512631A0EB4A8FD799EB68841976ABBE2EF85350F1841BEC04DC72A5CB399C45C741
                                                                                                                                                                                                                                          Function 00007FF848CA69C2 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bda87a91d053e172940f6ecaccdb31a2cbfb4d7e2e0ae9f83de16063a91a2dab
                                                                                                                                                                                                                                          • Instruction ID: 9bdf29ad1ddc8ad125e52db374df11f8283629d55ea8a392a49ff7ca3f705e4d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bda87a91d053e172940f6ecaccdb31a2cbfb4d7e2e0ae9f83de16063a91a2dab
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A951C571A0EB45AFE395FB74C84AE79B7A1FF84354F2444BCD04A87192DE3AA842C740
                                                                                                                                                                                                                                          Function 00007FF848CA69DA Relevance: .2, Instructions: 176COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bda87a91d053e172940f6ecaccdb31a2cbfb4d7e2e0ae9f83de16063a91a2dab
                                                                                                                                                                                                                                          • Instruction ID: 9bdf29ad1ddc8ad125e52db374df11f8283629d55ea8a392a49ff7ca3f705e4d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bda87a91d053e172940f6ecaccdb31a2cbfb4d7e2e0ae9f83de16063a91a2dab
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A951C571A0EB45AFE395FB74C84AE79B7A1FF84354F2444BCD04A87192DE3AA842C740
                                                                                                                                                                                                                                          Function 00007FF848CB314B Relevance: .2, Instructions: 172COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ef55dcdf94c923df90658ee474ef4922828b752c9bc541f1fb1de67385b99e61
                                                                                                                                                                                                                                          • Instruction ID: f28bf0b95490a8fceb09baff7ab1fe40cc4c2767e509ffeecbfa469ba11f80c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef55dcdf94c923df90658ee474ef4922828b752c9bc541f1fb1de67385b99e61
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6851C570A18A4E8FDFD4EF2CD895AA93BE1FFA8740F450169E409D7295CA34E841CB85
                                                                                                                                                                                                                                          Function 00007FF848A96451 Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 17413b26563d093c13977a0110e06969331b4856da9eb866e17aae6b632a5d01
                                                                                                                                                                                                                                          • Instruction ID: 26b02a39dc4eea6ac885b0955a1e9d09a4e0f45f69f01dc805bd910de1b56b3a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17413b26563d093c13977a0110e06969331b4856da9eb866e17aae6b632a5d01
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F351373090EA1E8FDB99EB64C4563BCBBB1EF49344F5444BDC00EA7292CB786885CB15
                                                                                                                                                                                                                                          Function 00007FF848AA2BD9 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9811159c38862e6ccba643138e381c0fe0016e1d40c832b626f23fd5aee0cd6a
                                                                                                                                                                                                                                          • Instruction ID: 3de530585660340a100a324660cd0b5e5853747f2f52b0cb1d531af9b44258b4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9811159c38862e6ccba643138e381c0fe0016e1d40c832b626f23fd5aee0cd6a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC41F622B0D7914FD312EB6CB8625F97B60DF833A671901F7C284CB093DA19984683E6
                                                                                                                                                                                                                                          Function 00007FF848A92F45 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 54a6d51c271d074c55d375d529c3a2c5827621eaeede35d2d9bdd592f543d380
                                                                                                                                                                                                                                          • Instruction ID: 942ae95f4ddcaff2ab2d041422735f4886705b82f8637bea3f22f55275ff7e26
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54a6d51c271d074c55d375d529c3a2c5827621eaeede35d2d9bdd592f543d380
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7551F470A09A1D8FDF94EFA8C449AEDBBF1EF59341F50012AE009E3291DB74A8418B95
                                                                                                                                                                                                                                          Function 00007FF848A904FA Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 052894859b45ecc4426687ea0492a2517c449ebbfe3bb8e139be1590a28f0915
                                                                                                                                                                                                                                          • Instruction ID: 9add0a6064d05ecb3234a3b7ead286f0685aa39fc2c6805cc4f7a8f902f9ae3e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 052894859b45ecc4426687ea0492a2517c449ebbfe3bb8e139be1590a28f0915
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4519A70E0D64E9FEB95EB68D4467FDBBB0EF45350F00057AD009E3291CBB958858B92
                                                                                                                                                                                                                                          Function 00007FF848C1018D Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2782878231.00007FF848C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C10000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848c10000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2c78b8379b7f9642de5a175d6ac5b5e1eb494f408dff0ff6c50f07c608f4a231
                                                                                                                                                                                                                                          • Instruction ID: d76f6822aab0b626b13088f3040fc8bf78caad1f48eaa28efebd045d44699996
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c78b8379b7f9642de5a175d6ac5b5e1eb494f408dff0ff6c50f07c608f4a231
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3441A26180DBCA4FD796EB34486A6A5BFF0EF16200F0940EAC488CB5A3D66D5856C751
                                                                                                                                                                                                                                          Function 00007FF848AB42E0 Relevance: .2, Instructions: 150COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 73c6abcd3f0cf2c0ea6993d20c2a732d486c176de71818520423aa759e773ddb
                                                                                                                                                                                                                                          • Instruction ID: 4379adfc204a0d0bed28cc838aeadf90bd4f1aa6fb3e1560b9eeb9f38fbe5d59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73c6abcd3f0cf2c0ea6993d20c2a732d486c176de71818520423aa759e773ddb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B412030A1EE064FE769E6389456AB5B3D1FF64340F08417DC68EC3291DF69F8428396
                                                                                                                                                                                                                                          Function 00007FF848AA0B00 Relevance: .1, Instructions: 149COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 448e9e35e55174af596582cb78bbf1c45fa5646409c72d5ea04bc08f188ab54d
                                                                                                                                                                                                                                          • Instruction ID: 129cf1e17c2891eeef40ace6231546baf9b804616422a77ace1087e8d4639e88
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 448e9e35e55174af596582cb78bbf1c45fa5646409c72d5ea04bc08f188ab54d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A413A31B0EA0D4FE794FB2CE8157B9B7C1EF98355F4406BAE44CC7292DE6A58458342
                                                                                                                                                                                                                                          Function 00007FF848A92F38 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dec3f15c686816644d2d717a061b6e2a904b71214076ed64281930e658dbdf09
                                                                                                                                                                                                                                          • Instruction ID: 85f5d18315fc525e46279659459ad7f16ab25284b1e54837f82088267a53dbbb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dec3f15c686816644d2d717a061b6e2a904b71214076ed64281930e658dbdf09
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D413730A09A1D8FDF94EF68C445AEDBBF1EF59340F14016AE00DE3291DB74A841CB95
                                                                                                                                                                                                                                          Function 00007FF848AA5088 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d0a6660d62da7d3467a7c4fc93076d0a26884f95897cc825d720c4af987ed704
                                                                                                                                                                                                                                          • Instruction ID: b883bb917d06570fd884fc211dfc57359072bef387cb2ba0169fe6ee57e95430
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0a6660d62da7d3467a7c4fc93076d0a26884f95897cc825d720c4af987ed704
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6841F531B0EF0E4FEAA8FA5C945967963C1EF987D1F1400BAD40DC3695EE29DC428359
                                                                                                                                                                                                                                          Function 00007FF848AA1C60 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7242d3b344e202d54347d97e23e2b29bf0d2f8c41dc9cf9698af7db390a81fec
                                                                                                                                                                                                                                          • Instruction ID: 8e5db59b34d18ca4c3647c2f1e637a00e8375084a11061118e41d9cc74140655
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7242d3b344e202d54347d97e23e2b29bf0d2f8c41dc9cf9698af7db390a81fec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83418130A0DA0A4FDB98EF1894566BA37E1FF98384F10017AD40ED3691CF75A812C786
                                                                                                                                                                                                                                          Function 00007FF848A935C7 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 63bc5649cbcc0b89fd028d6430c05ed2a9d04f87ab21bdbcd28f5e0b0dcfccea
                                                                                                                                                                                                                                          • Instruction ID: 9ebad8cafb9127919c35ceaab067ffd840e063e0c516b4ba81bfa8a8a8d2444e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63bc5649cbcc0b89fd028d6430c05ed2a9d04f87ab21bdbcd28f5e0b0dcfccea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B041A7B191E6499FD35AEB78881A1B9BBE0EF43260F0405FEC009CB6F2DB691C46C751
                                                                                                                                                                                                                                          Function 00007FF848AA30D8 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0266d654edbd3d21a323e3d4ba1ee5f773be8e3228e8b6286d8fc5b4df5f5e46
                                                                                                                                                                                                                                          • Instruction ID: 9a2681f707d3a1819a61bc696fe1c5e92fa18d32c9c099d5163323d3509ebc5d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0266d654edbd3d21a323e3d4ba1ee5f773be8e3228e8b6286d8fc5b4df5f5e46
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97311831F2DA194FE394F62CA40A2BA77D0EB947D4F04057BD48DC3191DF9898824396
                                                                                                                                                                                                                                          Function 00007FF848A93048 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1b2338de2483c2e427d79c2c6b3852e6bb42469adb93cad7bb8ecda49a245a78
                                                                                                                                                                                                                                          • Instruction ID: 423bbb589b09501d238bd5ddd3045454d4d7ca0c6b7570fa2f83cac3df0594ca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b2338de2483c2e427d79c2c6b3852e6bb42469adb93cad7bb8ecda49a245a78
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F41BF31919A4D8FDB98EF18C8466FDBBA2FF98350F04057AE409E3295CB38A845C751
                                                                                                                                                                                                                                          Function 00007FF848A95768 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d176f19d1b422d23f001e8bda42b77654c44069679d29d576d83ec67e8a0026e
                                                                                                                                                                                                                                          • Instruction ID: 8ae40bd8e6bb3e0f928b2baa07fe7b3b149167a94a1f2b6445237fef8d2dfac2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d176f19d1b422d23f001e8bda42b77654c44069679d29d576d83ec67e8a0026e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7941B270D0EA5D9FDB44EB6898162FDBBB1FF4A314F10087AD009E7291CBB95841C755
                                                                                                                                                                                                                                          Function 00007FF848CAC5D9 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 403e2833d66fcb24401f74a7ec32f1ad4aa6cd4ff81ecaf3f32edfb10d59cc40
                                                                                                                                                                                                                                          • Instruction ID: 429dce3148cb34a9d0e872d8d497c8b2200f1ed45d88403eb7730054d2c723f8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 403e2833d66fcb24401f74a7ec32f1ad4aa6cd4ff81ecaf3f32edfb10d59cc40
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D41153054EB899FD786FB289845BB17BE0EF96310F0404FAD049CB193D72AA855C751
                                                                                                                                                                                                                                          Function 00007FF848A93CAD Relevance: .1, Instructions: 139COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2478afa45e4563c5a72334100fa2645575c12380af61fd029a0acc009b7757ce
                                                                                                                                                                                                                                          • Instruction ID: 96b300afe58e2a043024ce6888def43100e4f61f309d6264a3796cbf7f8760d8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2478afa45e4563c5a72334100fa2645575c12380af61fd029a0acc009b7757ce
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21414970D1E61A8FEB54EBA8D4966FCB7B1FF48344F50183AD00AA3291CB7868458B55
                                                                                                                                                                                                                                          Function 00007FF848CAC1E7 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3901d369300568a45b970903ce43f0b62de3e21857e2592f15a8fdd1f5371cc3
                                                                                                                                                                                                                                          • Instruction ID: e07dda8a8833837119ad98f63a36469e35b1c2c0069c80849aa77fba0130a50c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3901d369300568a45b970903ce43f0b62de3e21857e2592f15a8fdd1f5371cc3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA41A061E1DF8B4FEBE8EA6C945577963C1EFD4B84F1442B9D009C71D6DE28EC024284
                                                                                                                                                                                                                                          Function 00007FF848AA29AD Relevance: .1, Instructions: 134COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1765bfcb87e191f3af898b6b0ac3a9b1a5a8c29a020717310d462d884b8e556f
                                                                                                                                                                                                                                          • Instruction ID: 0435923b068d8a48f4f672bb627dd7c568c8eee327b61a520eacdab9deb19805
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1765bfcb87e191f3af898b6b0ac3a9b1a5a8c29a020717310d462d884b8e556f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F331CE31B0DA4A4FDBA9EF1894562FE37A1FF98394F00017BD40EC3682CE659852C396
                                                                                                                                                                                                                                          Function 00007FF848AA4554 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4868506091aa5fac9a2f2b5bac1fe75015b265df89329aea4e99f6ac4be87f28
                                                                                                                                                                                                                                          • Instruction ID: dad7e3eb2c5b52db851292081fcf1bc5ff449a21ad770c791cacf0930a3fb504
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4868506091aa5fac9a2f2b5bac1fe75015b265df89329aea4e99f6ac4be87f28
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8841292190FA865FE359DB38981A562BBD1FF56390B0846BAE049C7987DB689C038351
                                                                                                                                                                                                                                          Function 00007FF848AA56BD Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5ff80bf1be9471658c0a66e59fb3de64462173b1f3054810af409d5f22d80ebb
                                                                                                                                                                                                                                          • Instruction ID: cdfabc571ca4c94dc43fbafeee251c6a865a7bbfd3b7d9d76dc7975f3350c38b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ff80bf1be9471658c0a66e59fb3de64462173b1f3054810af409d5f22d80ebb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0931156060FB85AFE356F67898171B5BFD0DF46290F0908FED049C75A3DD590C868366
                                                                                                                                                                                                                                          Function 00007FF848A9C0B9 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 41ce58d0b94d1b61b72d389eae3ef3b7419a0579ce9deef04b3f3f2242f519de
                                                                                                                                                                                                                                          • Instruction ID: 7910c1a60432cc2e6dde4662ddf0e95daab174f75225f84d6f0dec10596418a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41ce58d0b94d1b61b72d389eae3ef3b7419a0579ce9deef04b3f3f2242f519de
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78310461A0EFC60FD756EB3888651747BF1EF96284B1941FBC089CB1A3EB1C98068316
                                                                                                                                                                                                                                          Function 00007FF848CB1995 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 446aeb247b52b70fc3a97e05c9e53423cf0126e82fd021cbe497b55ec22d5c30
                                                                                                                                                                                                                                          • Instruction ID: 21ed2e6b502c1c0c3768cbdbaf01ff7e079b884947f48d959170e0f84107524b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 446aeb247b52b70fc3a97e05c9e53423cf0126e82fd021cbe497b55ec22d5c30
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2631F620B1DB584FD794EA1CA85677677D1EF957A0F0401AFE48AC3296CB14BC4183C6
                                                                                                                                                                                                                                          Function 00007FF848A9E290 Relevance: .1, Instructions: 127COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 10a43fb54e2c0d80091446c4e20555ba0b1033c59812ea71805f1a347aac4208
                                                                                                                                                                                                                                          • Instruction ID: 092b0d73d519aa24cae5acd0e9d25720b800bfa2fe7e97e3f8854a90ebfe3bed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10a43fb54e2c0d80091446c4e20555ba0b1033c59812ea71805f1a347aac4208
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8410B31E1D6864FE349FB38841A17A7BE1EF55284F4545B9C04DC71E3DE6C58468712
                                                                                                                                                                                                                                          Function 00007FF848A99D55 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c17473fca0f4803f8ca36f1ed54941d3104cfa48eb1dd5de262473ae8c6de61e
                                                                                                                                                                                                                                          • Instruction ID: 7a6a6a623ffbdba7499e8cee0759068ed977d60e9870c075d56bde790dfa8d20
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c17473fca0f4803f8ca36f1ed54941d3104cfa48eb1dd5de262473ae8c6de61e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A43189B125E7C69FD38793B8486A0E97FE1DF43170B1949EAC1808B5B2E39D4C478392
                                                                                                                                                                                                                                          Function 00007FF848AA34D0 Relevance: .1, Instructions: 122COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 278cf7da3e94fe173f682793d9f0e9fb0d112200f1747915721ef02bfa63e0a8
                                                                                                                                                                                                                                          • Instruction ID: 48eac7b8a5e029793a8b0973f0daf49338cfab6585c6222f446220d315fcd6a9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 278cf7da3e94fe173f682793d9f0e9fb0d112200f1747915721ef02bfa63e0a8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E316932A0E7965FD300FA6CA4571FA3BA0EF423A9B0801BBE48CC7853ED54684583D6
                                                                                                                                                                                                                                          Function 00007FF848AA1C98 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cc7bb5e3df7e52b610191287abd6071f0b1503ff391b0304e712768df14c2ac2
                                                                                                                                                                                                                                          • Instruction ID: 85bf491c0d7e70cdee9437eb8339fb701feb13e500ec7d772e525db2c26d5e1d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc7bb5e3df7e52b610191287abd6071f0b1503ff391b0304e712768df14c2ac2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19310721A0DB454FE790E62C944567AB7D1EFA43A4F08057FD488C36A2CB98E9C0C35A
                                                                                                                                                                                                                                          Function 00007FF848A9A010 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d54aab081de079f8c5f2071a8be41ea76af7a88968926820712f9e3f5ff4e5d8
                                                                                                                                                                                                                                          • Instruction ID: 6de12104061177e342f8317c3fb127468ddf9d60939d0c1d4363612938e9e0c3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d54aab081de079f8c5f2071a8be41ea76af7a88968926820712f9e3f5ff4e5d8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B31253061DF468FDB55EB3CC051E71B7D1EF69380B1485B9C04AC75A2CE65E845C750
                                                                                                                                                                                                                                          Function 00007FF848A9B95D Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 361791464ae91f75e8954d01633c51b23a261b6b37cbc1dfc6bec1cbbda53151
                                                                                                                                                                                                                                          • Instruction ID: a4356fc99168af2c7a9ff07a0f6832c3d8fb7ccb0fa1ae73930b1a9100ee66df
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 361791464ae91f75e8954d01633c51b23a261b6b37cbc1dfc6bec1cbbda53151
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9531693060EE855ED756FB7C90925FA7BA1EF84384B1800BAD48EC76A3CF147446C381
                                                                                                                                                                                                                                          Function 00007FF848A9EA55 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7936cef9f644c7513ed361162470076a225416b4dc4ff489d6ae74eed65ba766
                                                                                                                                                                                                                                          • Instruction ID: a31046ab71b44af91712d705a604e137dd6431276e89839f5fb17a212b3d225f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7936cef9f644c7513ed361162470076a225416b4dc4ff489d6ae74eed65ba766
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1314831A0EE8B4FE368F67C441A679BBC1EF65290F1500BDD14DC71A2DA98DC478396
                                                                                                                                                                                                                                          Function 00007FF848A9E9DD Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ca92eceb28fd6dd1691da1d487bb15cef251f831d9dc5b823f273a42bebc171f
                                                                                                                                                                                                                                          • Instruction ID: 5e8c39d57310f70f0e42ebbad658491987a6fedf5e3048e8a7d730b39b1f47db
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca92eceb28fd6dd1691da1d487bb15cef251f831d9dc5b823f273a42bebc171f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1314631A1D94A5FDB84FB2CC4526AE77E2FFA4760F0402BAD009C7286CA64AC4787D1
                                                                                                                                                                                                                                          Function 00007FF848CA6D31 Relevance: .1, Instructions: 114COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b99a3047d7785060a126a05d60c126958e8f40d42efcd57047aff9533cc7adbe
                                                                                                                                                                                                                                          • Instruction ID: 800f2bf5a58d4bfe91616e684eac298de8edb17482706f8132fe0031ceb40c27
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b99a3047d7785060a126a05d60c126958e8f40d42efcd57047aff9533cc7adbe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10314C71E1DB8A5FE799FB38980AAB977D1EF40794F1005BDD04A8B192DE29EC068244
                                                                                                                                                                                                                                          Function 00007FF848AA4EFA Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0ad8f7b3a56564e9d51d8da1327fe38d8a512d54bb95b8646474a9d5b3d34ed6
                                                                                                                                                                                                                                          • Instruction ID: 6cfd5071e43715c402c50d4c006756b270971adc45d8428909bc4ff756c0b0dd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ad8f7b3a56564e9d51d8da1327fe38d8a512d54bb95b8646474a9d5b3d34ed6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46210831B1DE180FE268EA1CB85A1B877C1EB9C7A5F0402BFE44CC32A2DD955C468296
                                                                                                                                                                                                                                          Function 00007FF848A9AE10 Relevance: .1, Instructions: 109COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2c7f4b98ac1c67cd59375485942cb83e0cf234d4b111a9e670d07db1790f4d23
                                                                                                                                                                                                                                          • Instruction ID: f8e0c32e0e4d89a777df1701f961b7ba1eb87b3a3cb0b676a3dade115ca632f5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c7f4b98ac1c67cd59375485942cb83e0cf234d4b111a9e670d07db1790f4d23
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8212722E1EA9A4FE799EB2C94562B933D1FF94284B08447BC04DC7186FF58F8424352
                                                                                                                                                                                                                                          Function 00007FF848A9BBCF Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bd088114fd0dd601655147036d2f510958ec851d9b3230ce30e6af33f397b9eb
                                                                                                                                                                                                                                          • Instruction ID: cea0c8389df5311c512fc3413d3406745666ab217e839a80a95610184569a8ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd088114fd0dd601655147036d2f510958ec851d9b3230ce30e6af33f397b9eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E21383160D7094FD7A8EA4DE886B7633D5EF95360F040179E44EC3691DE65FC028756
                                                                                                                                                                                                                                          Function 00007FF848AA2905 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 20c7e1c593c6db664e3264b5d48deef7927c6f54546761416b80c8e27cd10300
                                                                                                                                                                                                                                          • Instruction ID: 84a2081a593c7d12d9b362de56394e97d278547f283d9b7bf4aa52b1d30f36a9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20c7e1c593c6db664e3264b5d48deef7927c6f54546761416b80c8e27cd10300
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03212932F4EA464FE3A4A63D78620787BC0EF84654B0801FBD41CC7296DA5E58828785
                                                                                                                                                                                                                                          Function 00007FF848CA7949 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d3796309560b330933ecf3e7e45e6a2b128c2bde4374379edad85c738f2608a1
                                                                                                                                                                                                                                          • Instruction ID: 2159cd38fbf45e9cc8be7d743f16b993770906dfb7837249eff4631743b6ecca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3796309560b330933ecf3e7e45e6a2b128c2bde4374379edad85c738f2608a1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7213231A0EBC55FE396E63888696653FE1EF5620070900EBC088CB1E3DB18980BC352
                                                                                                                                                                                                                                          Function 00007FF848CB4953 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c56aa4a3190e100a9f5a65cd0be979c4fcaa6c8d397da888aa45607e3a69ae7a
                                                                                                                                                                                                                                          • Instruction ID: 5d843961bf10e58e8fb4725c99505b7e9bd15886f4630f36e06f175d5fb032a6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c56aa4a3190e100a9f5a65cd0be979c4fcaa6c8d397da888aa45607e3a69ae7a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87213811E0DE8A4FEBE5E76C38542742BD4EF79385F1402B7C14ED7292CA08AD454349
                                                                                                                                                                                                                                          Function 00007FF848AA6A09 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e67deca3327bc291ffd9bcd9e4dd642c3880d1d0603624131d0a4e88a5e58081
                                                                                                                                                                                                                                          • Instruction ID: e8df3f10e2a6f761d8e7ec7b3e7b9acbd35770c96e2bff10e7dede8c2fc6c93a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e67deca3327bc291ffd9bcd9e4dd642c3880d1d0603624131d0a4e88a5e58081
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A021E060A4FBC64FD756E73848161A53FB1EF43690F1D84FAC084CB5A7D6599C0AC362
                                                                                                                                                                                                                                          Function 00007FF848A9BEEC Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6d816e355c9500ec2098e302eefe26e9a6b3ec157e4dccc601292afe9b426094
                                                                                                                                                                                                                                          • Instruction ID: 8c8e47348759e2350ec3d89ad2d125e53c9b7aba8b3049831c18c25590e88a4c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d816e355c9500ec2098e302eefe26e9a6b3ec157e4dccc601292afe9b426094
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6221E571E1D99A9FE754FAAC94462BC77E1FF94790F0404B9C009C7182DE68A8478711
                                                                                                                                                                                                                                          Function 00007FF848A95201 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 36231c6ddc576ec6f1f15dc574d5057403a3a1883b6b3b1fe4278f4db66fcf46
                                                                                                                                                                                                                                          • Instruction ID: 2dca8bbe82332a555836c8fbf79aba8e83559667d9b2e8caf5537a8a01f47cc7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36231c6ddc576ec6f1f15dc574d5057403a3a1883b6b3b1fe4278f4db66fcf46
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B21DEB4909A4C9FDB84EFA8D85A2EDBBF0FF64310F0004BBD009E32A1DB645841CB91
                                                                                                                                                                                                                                          Function 00007FF848AA6B41 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c20d0396e526ab97406df62ae117f3a3d5f6224d5f895f038921ed309ea8deed
                                                                                                                                                                                                                                          • Instruction ID: ce32dfdc32e620e0ea7008a02223d2a493b9b17f91c538544a925d3be46092d6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c20d0396e526ab97406df62ae117f3a3d5f6224d5f895f038921ed309ea8deed
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D21683180CB854FE744FB288816665F7E0FF99390F0805BEC08AC3192DE68E9418B43
                                                                                                                                                                                                                                          Function 00007FF848A9852F Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 46a928c84ee9b3d842ee0d0388f4eb256cfdf15bee973d0631eeb547387c7b3c
                                                                                                                                                                                                                                          • Instruction ID: c4f8014c29b9e7e75a77ba96f28f46fccd561ba357a44a1c5b5286589483168e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46a928c84ee9b3d842ee0d0388f4eb256cfdf15bee973d0631eeb547387c7b3c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E031A230D0DA4D9FEB45EBB8C84A6ECBBF0EF09350F5405B9D049E7192CB3828468B12
                                                                                                                                                                                                                                          Function 00007FF848CAC3CB Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: de9e89244596ffd9f407883fee9e565e9aca5da9af3da0886fec39f6e5650327
                                                                                                                                                                                                                                          • Instruction ID: 871a2c7a69fd2680ab3ba2e5d9cd88afcca79167d7ab959f640cdaaea9122487
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de9e89244596ffd9f407883fee9e565e9aca5da9af3da0886fec39f6e5650327
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4711A132E1DA4E4FEB98EB6CA8452FD77D1EF84650F0005BBD41DC3296EE65A9014284
                                                                                                                                                                                                                                          Function 00007FF848AA4F4F Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0fbd3746a693d11ef8e42bdd26b8386a6f590ec0aee13cb2e8aba77be0f25f6a
                                                                                                                                                                                                                                          • Instruction ID: 526203925d7603344fca16944a517e06b5a5ccce37c6ea16aef7b463654cea99
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0fbd3746a693d11ef8e42bdd26b8386a6f590ec0aee13cb2e8aba77be0f25f6a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E21E43270A8185FEB94FB3CD059AF973E1EF98321B05427AD089C72A2DE64EC45C790
                                                                                                                                                                                                                                          Function 00007FF848A9425B Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f19806142c7b71fffa7ce7db8f6153114b228b19f0ed15e10f7ec16f435951a0
                                                                                                                                                                                                                                          • Instruction ID: ba9655b92b81364b48a5f494be8264051786cecfc389ed17321ee7900e09d525
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f19806142c7b71fffa7ce7db8f6153114b228b19f0ed15e10f7ec16f435951a0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D216D3188F3C54FD3129B6068125E57F78AF03299F1A01E7D088DB493C66D559AC776
                                                                                                                                                                                                                                          Function 00007FF848A92E38 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 49d063e924947d5471f36c2c315bb2ce73618c6048623b8a041ecac6e546fe6e
                                                                                                                                                                                                                                          • Instruction ID: 1adc8e2b8582a8f0d72f376e7b350eecb02c8221f7b6a3d4b82f23b3905e5d65
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49d063e924947d5471f36c2c315bb2ce73618c6048623b8a041ecac6e546fe6e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F21D33291EA8D4FEB94FF2888852B97FA0FF25348F0405BAD41CC7196EF6499458752
                                                                                                                                                                                                                                          Function 00007FF848A9D0C5 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 995ed1c9f67f8635cc18619bcf4c21a2fb78fe511f7bcb0dfc771df826d81e32
                                                                                                                                                                                                                                          • Instruction ID: 2779697368b7f8dba12697923a392a99e5aa8c1b541a170516f9a6e59d5a1756
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 995ed1c9f67f8635cc18619bcf4c21a2fb78fe511f7bcb0dfc771df826d81e32
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C21D16081E7C65FD317933458116A1BFE0AF42354F0945EAC08ACA493DBE8548A83A7
                                                                                                                                                                                                                                          Function 00007FF848A90C58 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c777c8eb29a3819eb2b6848c134775b2e85bd960b33dcf88f4f46fafddaaf1eb
                                                                                                                                                                                                                                          • Instruction ID: a471c9696000152891fd0c31cba5499cb7c2fbbab6e64438ebfec5d24f61eaab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c777c8eb29a3819eb2b6848c134775b2e85bd960b33dcf88f4f46fafddaaf1eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8219AB680E69A9FD315FB3488031EA3BD0EF423A0F0104BAD1088B1E3DF680944C782
                                                                                                                                                                                                                                          Function 00007FF848CA43D5 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d466d0f3d4ec0efc22ab8ade3e6eaf05e145456fb5a09bfbcef5e64d3b4c870b
                                                                                                                                                                                                                                          • Instruction ID: 108fd46bd9ce210894da8d3df5a5f4a07e7149e07064321cd8623a2f67f4cd20
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d466d0f3d4ec0efc22ab8ade3e6eaf05e145456fb5a09bfbcef5e64d3b4c870b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B21E130A0DE590FDB95F72C809867937E1FF48740F4504BAD08EC76A2CF18AC828396
                                                                                                                                                                                                                                          Function 00007FF848AA6181 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 13cf0be4b3892233b24ee3afc47933393024c5048919308d67b50efc2251eb14
                                                                                                                                                                                                                                          • Instruction ID: 5477fa8e27a5b6dc2705ea0588f0e2d7309ad8cc17dd220770b39973022660f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13cf0be4b3892233b24ee3afc47933393024c5048919308d67b50efc2251eb14
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF110A32F0EF454FE7A5D96D2C961782AC1EF59281B0E01FBD408C36A6EE55CC058746
                                                                                                                                                                                                                                          Function 00007FF848CAC600 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a98808e70d445bb334096a685dc6d94763bd68e71db3004e497186e4fb6bfee8
                                                                                                                                                                                                                                          • Instruction ID: a4066375605e1a4cd98aa0be8b68a6c7726d6757f9d05e7e159551eb8f663ffe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a98808e70d445bb334096a685dc6d94763bd68e71db3004e497186e4fb6bfee8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0921017014AB099FD798FB688849BB277E4EF85314F1404F9D00ACB1A6DA3AAC91C790
                                                                                                                                                                                                                                          Function 00007FF848CA0335 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3a06a50767b45b8918c6c6ad6add50f3122b60d3261e8fc404d8a7803632bd58
                                                                                                                                                                                                                                          • Instruction ID: 304e2df3a78cb4c92c2e8b2a7d15f01166d7659abc71de398595fc834f6e06af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a06a50767b45b8918c6c6ad6add50f3122b60d3261e8fc404d8a7803632bd58
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16115C32E1E7A40FD359A62D6C590B57FE0EF4766170905FBE486C7163D905AC0683D1
                                                                                                                                                                                                                                          Function 00007FF848AA61A0 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bb6ed903116ee446f32b9cc80bf6ed254a11cfc4def0243a245c92e76631d20a
                                                                                                                                                                                                                                          • Instruction ID: 5952edd31efd809a2b7f30bb144ae7c2da03f64de9674c008a99a41bf2203b76
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb6ed903116ee446f32b9cc80bf6ed254a11cfc4def0243a245c92e76631d20a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5114C32F0FE494FE7E4A96D3C561782AC0EB98291B0901BBD80CC3766ED55CC458346
                                                                                                                                                                                                                                          Function 00007FF848A9E968 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8d0d6cd0afb69aebd50289b2bb06846c17ed41ecf38d1199039c7fec4c666a92
                                                                                                                                                                                                                                          • Instruction ID: 8b62d6c397e0601c1b27f25b2ac4037e31f565b117b0a633b1647121a69d2f4b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d0d6cd0afb69aebd50289b2bb06846c17ed41ecf38d1199039c7fec4c666a92
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7113370A0EBC65FE755F63C58061763BE0EF426D0F1888FAD048CB5A6DA69DC0AC352
                                                                                                                                                                                                                                          Function 00007FF848A94F88 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 14c9df69dc4f5525053594d0870d35ac47d2653d00a544b60d4281ac838bfb40
                                                                                                                                                                                                                                          • Instruction ID: 11c3cd70a3d29f57ca3a4685b75bed8d4d9da50a4619d81883cc97e529ef7898
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14c9df69dc4f5525053594d0870d35ac47d2653d00a544b60d4281ac838bfb40
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72218130D1FA4A8FE750FB64881B3B9B7E0EF05784F4019B5D00987192CFE868418B56
                                                                                                                                                                                                                                          Function 00007FF848AA529D Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f356f05ee0bb2e483583eb723e463fe7a88fc13644bd5c05d482d496054aaa7b
                                                                                                                                                                                                                                          • Instruction ID: 2429d1708afaf8f3dfc31f1baee1d9c5256dcaf4b7a2f33f85933ba219ef3659
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f356f05ee0bb2e483583eb723e463fe7a88fc13644bd5c05d482d496054aaa7b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3219F30A1DF459FEE94EB2CC091BA573D1EF98380F4444B9C08AC7696CEA8F845C761
                                                                                                                                                                                                                                          Function 00007FF848AA5B59 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 64f5fcedea59a441ab5aae7943d9de0eb5c192988aa4899288b9ec624f6f12eb
                                                                                                                                                                                                                                          • Instruction ID: 34d540b242cea00de72455b659a70b4e8256aed5789fd882a6003318c9fd74a4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64f5fcedea59a441ab5aae7943d9de0eb5c192988aa4899288b9ec624f6f12eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD112C21A0DB4E0FE798EA6C64566B577C1EF992D2F04007AD40CC35C2EF59EC414359
                                                                                                                                                                                                                                          Function 00007FF848A9A0F3 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6da258aafa59dc51e3091b14ef0c94e328f1e438f703cea1f29e0c994ce2f89c
                                                                                                                                                                                                                                          • Instruction ID: a650c3abd3f851faa29b7c397e2ca0619d794ae9cc8f0dd69d1705357193fcdf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6da258aafa59dc51e3091b14ef0c94e328f1e438f703cea1f29e0c994ce2f89c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4117872D0EA8A6FD368EA3C4C6B1F53F90EF44694F0404BBD11C83092EA553449C752
                                                                                                                                                                                                                                          Function 00007FF848A9BF66 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3433f270c7c63ed9d6c7730962b7692db44e55d9677d331841a1ddba97faa37d
                                                                                                                                                                                                                                          • Instruction ID: 91e3918a9d1e81ab5f42256d581a45dfd858d87b5d2d9c602509d84cdb1f327e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3433f270c7c63ed9d6c7730962b7692db44e55d9677d331841a1ddba97faa37d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD11386190EAC64FE356EA7C444A2B47BE1EF55698F0805FAC04AC7193CEA8984B8351
                                                                                                                                                                                                                                          Function 00007FF848A9DB76 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cbee08e7bd86e118b0c2363f318935e8857020962e8bfb13ce45a3fded6d1e71
                                                                                                                                                                                                                                          • Instruction ID: 0829eb1620fbe46a2a53bb9a5d716439dcf7c82fa2e75507a9ce8ca4f1556dd8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbee08e7bd86e118b0c2363f318935e8857020962e8bfb13ce45a3fded6d1e71
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7611303110DA0C8FCB85EF58D481DA6FBE0EF95394F104A5FE04AC6164DA72E5C5CB82
                                                                                                                                                                                                                                          Function 00007FF848A9CFFE Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0af7afbd0a5bb615be2c34a256e77905a93b564d4d2a2a756d10e135ca8d59e8
                                                                                                                                                                                                                                          • Instruction ID: eb1ef840e3805474380ea8f3954e61494d967ca6a1214703803fd2ee4afc6133
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0af7afbd0a5bb615be2c34a256e77905a93b564d4d2a2a756d10e135ca8d59e8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88115E31B0DD098FD668EB5CE85667C73E1EB98751B4005BAE00DC7296CE24AC4287C6
                                                                                                                                                                                                                                          Function 00007FF848CA43F0 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 74d5dca3d069e370f4e790c9e15a0e1cd795868bedfffedf3db4093ce4754e6a
                                                                                                                                                                                                                                          • Instruction ID: 52efc5c394a106952628aa0f38cc142009953a7a55495b2a1b5edd1ee08e07f4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74d5dca3d069e370f4e790c9e15a0e1cd795868bedfffedf3db4093ce4754e6a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94115E30B0DD194FDAA4FB2C9499B7A32D2FF88745F510579E04EC3692CF28AC418796
                                                                                                                                                                                                                                          Function 00007FF848A9E362 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6f8fea63cd4e22ff3832395267f1c05a18a0bc2e25420bb1f90e1d183b498503
                                                                                                                                                                                                                                          • Instruction ID: d8e5302f7b9c0c0f4a908dfb53b820a4165e2806c1831b8e71e6e591a0e65ba4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f8fea63cd4e22ff3832395267f1c05a18a0bc2e25420bb1f90e1d183b498503
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72112B30A0DA458FE309FB34841A1BA7BE1EF81354F044A7EC09FC71A7DF6865468751
                                                                                                                                                                                                                                          Function 00007FF848A95C19 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5de4f06c3fb16d1ea0c4a7935680d53e0be0b94a050acbe0f0697485f1883903
                                                                                                                                                                                                                                          • Instruction ID: c94b0a721b7d6b721dfa7ff81f83e97c16ed3bc32f94adfc9617a8983f8ae268
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5de4f06c3fb16d1ea0c4a7935680d53e0be0b94a050acbe0f0697485f1883903
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 271163B051EB899FD746EBB4885A59DBFF0EF16350F1408ADC0459B1A2C679484ACB11
                                                                                                                                                                                                                                          Function 00007FF848CA0AD9 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 40b1139c0991cdbfa78fd6c4c17ab03354d963d74c9576a4aba05b052ca5727c
                                                                                                                                                                                                                                          • Instruction ID: 7b009ee01d691af957368573d269dd14740f83b4aaee80c36a0c3f2035061ea0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40b1139c0991cdbfa78fd6c4c17ab03354d963d74c9576a4aba05b052ca5727c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A012231F1DE4E9FEB98FA2D285123473C2EB88694B44007AD00DC3287DE18AC51C388
                                                                                                                                                                                                                                          Function 00007FF848CB4655 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8331478c2b754da22b74f7eb93399be485020bce404641f3251974da425d71bb
                                                                                                                                                                                                                                          • Instruction ID: cc22b1d5c7c46ef00bd30cd52d17f70ad342ef016b3ef894a2ac4b84fb1e9179
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8331478c2b754da22b74f7eb93399be485020bce404641f3251974da425d71bb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5901F73060CE5D8FDBA4E72DC594E747BD0EF6935570904DAD08ACB2B2DA28ECC68791
                                                                                                                                                                                                                                          Function 00007FF848A9DAA5 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ddc6f25ea419654755abf29a34ad325b7fd5f0f0f7ac5ebd18342ec438221d44
                                                                                                                                                                                                                                          • Instruction ID: 73fbc6091aa699329e0c719f53194b06889321bdefe0e00097c3252a7272e65c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddc6f25ea419654755abf29a34ad325b7fd5f0f0f7ac5ebd18342ec438221d44
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B112E7050E7C44FC7079B3888659517FF09F67255B0A45EFD088CB1A3C669984AC726
                                                                                                                                                                                                                                          Function 00007FF848A9EFAD Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f64a4922b99edec9a8931ee1c2bbe876e0bad9415790e1a093fc76c21d4f7d2e
                                                                                                                                                                                                                                          • Instruction ID: 29c83f54446ec56d99d061945038bd40b9ffd7f9cf9cac2498d1463e1febff5b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f64a4922b99edec9a8931ee1c2bbe876e0bad9415790e1a093fc76c21d4f7d2e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A110661D0EAC94FE762A6349C221F83F60EF12684F0905FBC488C71D3EE5C18468727
                                                                                                                                                                                                                                          Function 00007FF848A9748A Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0c64fab57d45939629fc14b9e547281bcdfc4929ca937d93298e462449d8546a
                                                                                                                                                                                                                                          • Instruction ID: 627711ad0f71fa2c435f6e50fcc95cd2ad6cd581e127ba8f47e37f5f09e83a9c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c64fab57d45939629fc14b9e547281bcdfc4929ca937d93298e462449d8546a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0311B031E0DA1D8EDB98EF9894967BCB7B1FF59344F0015AAC00DE3242DB7069818B15
                                                                                                                                                                                                                                          Function 00007FF848AA84C3 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8d29684f477e5608f2772bc5f7964ef6ce9b2b11fb3722a5ef2b803870ddcebf
                                                                                                                                                                                                                                          • Instruction ID: 36d85db6b56d94d31475c70029fb9ed6af54aee6d72d3679502323aa1a19525a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d29684f477e5608f2772bc5f7964ef6ce9b2b11fb3722a5ef2b803870ddcebf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99016D32F0D90D4FE6E8FA1CA89667433C1FB596A070405A6D40EC7A52DA15EC424786
                                                                                                                                                                                                                                          Function 00007FF848A9A670 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: aadf1201310fa58e466b555499da0bd30fc99c2b3401f4d3ef959f2fc81da9f5
                                                                                                                                                                                                                                          • Instruction ID: 587f3c5241687815189f43f81a653da2e342577129c22c3785e55d6fe4aacfea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aadf1201310fa58e466b555499da0bd30fc99c2b3401f4d3ef959f2fc81da9f5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB01F931B0D80D0FD6D4EA6CA84577633C1EB98364F00067BE40DC3256EE95EC418396
                                                                                                                                                                                                                                          Function 00007FF848AA534E Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bdc6a2585a16384a23186d25f5cd306d47d9ca758dce95de1327d3e2bb2a9c76
                                                                                                                                                                                                                                          • Instruction ID: 5ee561c50297d38462a5aabdc7ce0ca704583e1a5db334a9dd3bae2c9896edb9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bdc6a2585a16384a23186d25f5cd306d47d9ca758dce95de1327d3e2bb2a9c76
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B019E62F0EA4A4FE798E6AC102923477D1EFE41E1B0501BBC00CD3591CDD56C0A8375
                                                                                                                                                                                                                                          Function 00007FF848A94DD6 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6eb61fc2a62e22406d0001416d38fb34f924aec6de769ffa33619f28a302e017
                                                                                                                                                                                                                                          • Instruction ID: ce5d84e62c77f646200c200c6b6fcf811d51e07dfceedcdd97a3e8c96a304ca6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6eb61fc2a62e22406d0001416d38fb34f924aec6de769ffa33619f28a302e017
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52112A70D0A9599FEB94EB2CD855BACB7B1FF55340F1041B9D04DE3295CE796886CB00
                                                                                                                                                                                                                                          Function 00007FF848A95E82 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0d18c7cca22f5f7c2294413ff3dfd65cf5501520b18f3c4caaf5afbbd2c90b4e
                                                                                                                                                                                                                                          • Instruction ID: 5fbe517a6c1b24fe7fef2a11953179db409d92ce37fcf3144390e7d78008e34f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d18c7cca22f5f7c2294413ff3dfd65cf5501520b18f3c4caaf5afbbd2c90b4e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9511AC70D1E74D9FDB06EFA8884B6ACBBF0EF05340F0405BAD045971A2DB38A842CB52
                                                                                                                                                                                                                                          Function 00007FF848AA7A61 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fe5f2856baf8c93ef0cbfffe24092f67c26cb5c2edb63cec5f53e773629a77b0
                                                                                                                                                                                                                                          • Instruction ID: 7eab1d79ce77adee1fd8cd70f4c87927c8a3177b6c69d7068bf40e7e2a9e55cb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe5f2856baf8c93ef0cbfffe24092f67c26cb5c2edb63cec5f53e773629a77b0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53F0B43270DA881FE394A52CAC5E9723BD4DBAA27671502FFE848C7163EA429C02C355
                                                                                                                                                                                                                                          Function 00007FF848CAC3E4 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0e123adab4aa1a45ed44a03250efc0da4a72bf44537611ddf1921fcc0884f081
                                                                                                                                                                                                                                          • Instruction ID: dab7a06a21f427dac1624c777f4604e5307ae42ddca0ea8ce8fd1692bd483153
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e123adab4aa1a45ed44a03250efc0da4a72bf44537611ddf1921fcc0884f081
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97F09663F5DB5A0EE7DCA65C34462F4A3C1DB85AA4F045177C40DC328BED1AAC030188
                                                                                                                                                                                                                                          Function 00007FF848CA8764 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bc705df173695ea3ab76a3ae50d4d0b63095f52bed5c85059d046c30dbde15ec
                                                                                                                                                                                                                                          • Instruction ID: f6f4e397e69c9a2966d6159a5e7916a566574b0599462c687b4af3d7bba7862e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc705df173695ea3ab76a3ae50d4d0b63095f52bed5c85059d046c30dbde15ec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47018431B1C95D4FEBD8EA2CA8457B873D2FB883A0F0440B6D00DC3246DE24AC828740
                                                                                                                                                                                                                                          Function 00007FF848A9CE07 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7b56102527cbcadb45acac89b1c30989126c999e44ee36f41bbb35bdc1f713df
                                                                                                                                                                                                                                          • Instruction ID: 16248e15bbb00154c541b5e5a56f018cdf5a2b9e64537adcca582ac06c6a7ebe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b56102527cbcadb45acac89b1c30989126c999e44ee36f41bbb35bdc1f713df
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4801F52162DF865ED368F738A4027F666D1FF80344F445879D08EC7286EEE464448396
                                                                                                                                                                                                                                          Function 00007FF848A9C0D0 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: baa3241279d133c46365c4fa3da25fd55897ffc3c3e8f7f1683095480a32e3cc
                                                                                                                                                                                                                                          • Instruction ID: 982f5cfa2a484e81273f0abb6e4935f4a384c667c9c8ad7d415d8328cfd1d990
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: baa3241279d133c46365c4fa3da25fd55897ffc3c3e8f7f1683095480a32e3cc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26F04471A2DD4B4FDAA8FA1C9441676B3E1FFE8380B5405BAD40DC3248EF64EC024380
                                                                                                                                                                                                                                          Function 00007FF848AA0AE9 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2be98e3499d2566ae5b23617d5318660fc6572bb971b07f5cdf4495aa693f7dc
                                                                                                                                                                                                                                          • Instruction ID: 83c303c4f4f26539bb6e8281f1c1fb1d56535ce92600355b615449b8d2d61cc9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2be98e3499d2566ae5b23617d5318660fc6572bb971b07f5cdf4495aa693f7dc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B01D63150E7C95FD347973898252A1BFE1EF87229F0905FFD584CB2A2DA5A4C16C352
                                                                                                                                                                                                                                          Function 00007FF848A99CE0 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 46f2b0bc96c905a9787ca3e4b4be26020367f162ef5454c80c36082821ec75ec
                                                                                                                                                                                                                                          • Instruction ID: 86804d2532a097b599d7b8689f07139026b0cbe09e5e2e15994ff0e281f2995b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46f2b0bc96c905a9787ca3e4b4be26020367f162ef5454c80c36082821ec75ec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8014953A0E6A61FE225FA7DBC971E87B90EF83164B0814B7C008CA193DD4469858296
                                                                                                                                                                                                                                          Function 00007FF848A9AE30 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 98a3d78b0aa6de037a40f185f3022f02cd1a85501b467bc152110615e7c22d14
                                                                                                                                                                                                                                          • Instruction ID: 53a68858da7260efb7d06d06a07d0e988b2eb9bea0cf818745bc3ad7581ae8a4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98a3d78b0aa6de037a40f185f3022f02cd1a85501b467bc152110615e7c22d14
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD01A220A2DD8A4FDA98EB2C80815BA73D1FF94344B44497AD40DC3189EE68E8818381
                                                                                                                                                                                                                                          Function 00007FF848CA6EED Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 72c7e06957ba4ed91f0f0e4c9c5f4d5b3def7d192d3547beeafa99d47f3e6e5a
                                                                                                                                                                                                                                          • Instruction ID: bf2309cd5afefd6fb468c53c5c26d5be0866e386f978678f712e2d13fb765e19
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72c7e06957ba4ed91f0f0e4c9c5f4d5b3def7d192d3547beeafa99d47f3e6e5a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C012D7291DB1D5FEB61F764680BBFD77D0DF413B0F0101BAD04A83052DB29E4428289
                                                                                                                                                                                                                                          Function 00007FF848A94228 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7a1ee92a86692c8e5414159d788d3d2e99021655bf7e9833d70f3ee02d5a865e
                                                                                                                                                                                                                                          • Instruction ID: 6cfdd4f5fa44707405b7fcfa5067539c0504d3817212dc25252f878a4cb3bee2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a1ee92a86692c8e5414159d788d3d2e99021655bf7e9833d70f3ee02d5a865e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DF0CD36D4E60C8FEB20EE94A4012F8F7B4FB82398F00243AC00CA3140D7BA9995CB59
                                                                                                                                                                                                                                          Function 00007FF848AA3240 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0c32989c46147914c1f262f04c0011f9ae0053276300596f1c37fc483603f085
                                                                                                                                                                                                                                          • Instruction ID: f064c0e876345a17f2f9f4c4bccc719b09291b615fca4fce9275e9868126f33f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c32989c46147914c1f262f04c0011f9ae0053276300596f1c37fc483603f085
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D01DE3090EB088FD794FB28800A6AA7BD1EF983A5F04093EE889C3760DB7894418742
                                                                                                                                                                                                                                          Function 00007FF848AA3D85 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 08aaaffce61fd6e337b08becc02630eabbe7ed9a6d76cb5f8b829794c6f6a5eb
                                                                                                                                                                                                                                          • Instruction ID: 6f67b5026a0ba39b2f78f722b6dd108b1ff06d937869d62e1a5db35440936e40
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08aaaffce61fd6e337b08becc02630eabbe7ed9a6d76cb5f8b829794c6f6a5eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01F0E941F0EA890FE395E66D28991B49BD1DBA9190B4802FBD04CC3297DC4C0C464356
                                                                                                                                                                                                                                          Function 00007FF848A95EF3 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 560b966c90388766d2194f965e1ce7c8556654ba9811e18ae0043fe00deee2b1
                                                                                                                                                                                                                                          • Instruction ID: a8daf2c875b1a73a22f8706f30f215561487110ef7f6809228a31db10407a30e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 560b966c90388766d2194f965e1ce7c8556654ba9811e18ae0043fe00deee2b1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8016971E0861C8FCB88EF98D4856FDBBB1EF88351F40412AD00DE7284CA745885CB51
                                                                                                                                                                                                                                          Function 00007FF848A94B89 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e1954a3c0f9766cda79072ce71d14643a477b874fd2a85866e005cf81318343d
                                                                                                                                                                                                                                          • Instruction ID: 68f7961059ac61da0c440f57281c17e301ba30a7ecc147dfaee661ce8c51bfdb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1954a3c0f9766cda79072ce71d14643a477b874fd2a85866e005cf81318343d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6701D671C0E7C9AFE356EB78986A2E87FB0EF16254F0505F6D009C70A3DB6919498312
                                                                                                                                                                                                                                          Function 00007FF848A9AF99 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e646e6f628404cfbd47b7e87c4abfdafa1be78b2f9d08b5e8e314c15dd50a295
                                                                                                                                                                                                                                          • Instruction ID: 0d8108fe7600e5bd1ffd1659c3cbf02ac0c2940f6cd860a49c00280b2d64cb28
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e646e6f628404cfbd47b7e87c4abfdafa1be78b2f9d08b5e8e314c15dd50a295
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A016970C1DACE8FDB46EF2888641E97BB0FF69240F0408ABD858C76A2EAB559548741
                                                                                                                                                                                                                                          Function 00007FF848CAC7DD Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6121c938250c2056379457aa402a3068df2c57886872d71d8df5f6619b5c2d89
                                                                                                                                                                                                                                          • Instruction ID: e3bafd6099994218d96648878ff2ee0f1394f02b6bfc97f18b9d984abe041b49
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6121c938250c2056379457aa402a3068df2c57886872d71d8df5f6619b5c2d89
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E01A97090E3498FDB89EF6880143FC76B6AF0A340F50107ED10E97292CB692808CB18
                                                                                                                                                                                                                                          Function 00007FF848AA0C42 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 945eb1c241a49e5220320d6ec14efaf59433d1711b8a9481957264d599bd853c
                                                                                                                                                                                                                                          • Instruction ID: 6baf5a2a31d3bea8c19153516301cdb022d15cc01d0847fa065cfb79e56f1e0e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 945eb1c241a49e5220320d6ec14efaf59433d1711b8a9481957264d599bd853c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7F02D3040EBC64FD31AFB3C94155A07BE0FF05390F4801F6D448CB193DA59A8958356
                                                                                                                                                                                                                                          Function 00007FF848A99E95 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: aa688aedc13c81e7ed0274f9cb77bc9b10d3edece50cc073279e2a52202256fa
                                                                                                                                                                                                                                          • Instruction ID: 7cf3f7d463fe0aea3bc9051ccc7b8a98b75dccd58624a2bee8284043700ac4c4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa688aedc13c81e7ed0274f9cb77bc9b10d3edece50cc073279e2a52202256fa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73F0E201E0FE8A2FE257E22C28661B81BC1DBD5560B4C01F6C448C7287EE8C489243A7
                                                                                                                                                                                                                                          Function 00007FF848A94B1D Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7bc65cb9d914ea7c3202dd80ec99e4e103ac6a93e5675ab98f019ceed1174cf2
                                                                                                                                                                                                                                          • Instruction ID: dbbeaa18ff87dc450fbb6654569e6d770b389a191ebb861fe7ec9f3b5b3a99b8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7bc65cb9d914ea7c3202dd80ec99e4e103ac6a93e5675ab98f019ceed1174cf2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE01A23080E68D8FDB44EF28C8562E97BA1FF55344F110879E40C87192CBB5A850C751
                                                                                                                                                                                                                                          Function 00007FF848A95E26 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d4739f058bc82959cb84a6208feb2f9756d2a700c33183a83e3da4e59656365a
                                                                                                                                                                                                                                          • Instruction ID: a2bc71afb09d24709b7fb5c1c9891d0a066f3d295aaa864c3e6251d7b833b654
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4739f058bc82959cb84a6208feb2f9756d2a700c33183a83e3da4e59656365a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FEF06270A1EB8E9FDB56DB78881A6A9BBF0EF16250F1445EAC049C7152DA3488868B41
                                                                                                                                                                                                                                          Function 00007FF848A93E50 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f2beb1d1a5743561131463de4f6c42abc02ba9679b780bb285a4572e50268015
                                                                                                                                                                                                                                          • Instruction ID: c293da48458392fd88ca99dc90385de3cdfc8b65721083912103f0ddbd9c8e1e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2beb1d1a5743561131463de4f6c42abc02ba9679b780bb285a4572e50268015
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AF08531C0A60C8FD720AE69A0003F9F7B4EB4A349F40243AD00CA6180D3BA99A5CB29
                                                                                                                                                                                                                                          Function 00007FF848AA4BE5 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5ab55a20ebf15e79dcf1f73a8ded8680468686908aacbc56a96367ca0dfd1418
                                                                                                                                                                                                                                          • Instruction ID: c11656fa1e4b5e6ad6f2b0f15cad1e362ba9adfcd23b0623a3d3cfb71c34bfbc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ab55a20ebf15e79dcf1f73a8ded8680468686908aacbc56a96367ca0dfd1418
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BF0593140EB8A0FD358EB1C84455A0B7D0FF04390F4401B6E408C7692EB59E8808356
                                                                                                                                                                                                                                          Function 00007FF848A95DC7 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a66d3ae14de0484ad15ba0bd3bc6f747809946977a0c8382df0271654f8f63c2
                                                                                                                                                                                                                                          • Instruction ID: 11222c8e46cfd32d98f2bd3ed9b5b0e42ebd618c35cc79778fa09659183c0e2c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a66d3ae14de0484ad15ba0bd3bc6f747809946977a0c8382df0271654f8f63c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5014F70919B899FCB51EF78C8466ACBBF0EF15340F5144AAD449D7262DB346886CB41
                                                                                                                                                                                                                                          Function 00007FF848A95038 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 43ebbfe92367464ec083a933f46eb7a538b6f4ff03d68d2b8e1e547c9e9a2919
                                                                                                                                                                                                                                          • Instruction ID: 5ee19aa90a565bb528351ae274ba9306c87bd9ec8a217e2e3c22d146a19ec515
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43ebbfe92367464ec083a933f46eb7a538b6f4ff03d68d2b8e1e547c9e9a2919
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AF01731E0996D9FDBA4EA18D8526B8B3B2FB4A350F0045B6D01DE3281CE35AC46CB41
                                                                                                                                                                                                                                          Function 00007FF848A93B3E Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 24d3afba5a3e258ac6fe3a0f0a014769d37b5d518d88c4e9789780f5908d3140
                                                                                                                                                                                                                                          • Instruction ID: af1c19537a901bb86cdda0fbc4c73b590ecf3ef621c2734273aaa7bfeda1b150
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24d3afba5a3e258ac6fe3a0f0a014769d37b5d518d88c4e9789780f5908d3140
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51F09AB4E0DA0DAFCB90EBAC94591FDBBF0FF28321F0006A6D508D7211DB3949018B50
                                                                                                                                                                                                                                          Function 00007FF848A98CE8 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7d490c0ec2ba61b2ad1996da03450d1d406a2854ff9bd15ef05852c74e2d4344
                                                                                                                                                                                                                                          • Instruction ID: 87774ec3e6d2988b73f984be5a889a7ca8cd236a5b8209a7b17513a6eb45fc52
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d490c0ec2ba61b2ad1996da03450d1d406a2854ff9bd15ef05852c74e2d4344
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAF0A031C4E60D8FCB54EF54A4003FCB2B8FB0A209F402639D00CB2180D3B99A94CB2A
                                                                                                                                                                                                                                          Function 00007FF848A98691 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4cc931d6e4f4023079f6d6c7f602447613fa19fb975d2221fed54d5cce751792
                                                                                                                                                                                                                                          • Instruction ID: 638a654873839e91d38112092d43c73154316f3b56215d98c637b70ba9a213ee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4cc931d6e4f4023079f6d6c7f602447613fa19fb975d2221fed54d5cce751792
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BFF0E531C4D60D8FC714EE54E4413FDB2B4FB0A349F402539D10CA7180D7B99694CB59
                                                                                                                                                                                                                                          Function 00007FF848A9DF60 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 671729b4628372ac392af4c66c102a37c890517f120d0649af81342ab570128a
                                                                                                                                                                                                                                          • Instruction ID: 5665ae30dd75009ae6e57234056b3b30457cd9a08ae748ce90222f714eb89c3d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 671729b4628372ac392af4c66c102a37c890517f120d0649af81342ab570128a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69F0B43080E7C99FD746EB74485D4A87FF0EF06204F0404EBD869CB1A3EE6819898313
                                                                                                                                                                                                                                          Function 00007FF848CA3AD7 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4fd7a185337b6ad603689ee7012453fe416910ced5a3d222aa99ead52ee322c7
                                                                                                                                                                                                                                          • Instruction ID: 4bcec3104d7019045997f6f352371da1c787c1882bd0847181e99510f6863def
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fd7a185337b6ad603689ee7012453fe416910ced5a3d222aa99ead52ee322c7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CF08C30A0D9098FD6A4FB2CE058B7877E1EF59311F1100B5E04DCB662CB3AEC468780
                                                                                                                                                                                                                                          Function 00007FF848AA538C Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fd1d5169bf3a9d5a08397c2ae64a2124450c222a4127a9f20b165a30fbed4e1b
                                                                                                                                                                                                                                          • Instruction ID: 15d28f1f0349cae42c25d7ceb5f6ecd560aa1c3dc440716be7ac9eb09628ee8e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd1d5169bf3a9d5a08397c2ae64a2124450c222a4127a9f20b165a30fbed4e1b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02E09222F0ED0A4FE9A8E85C647123563D1EBA86E1710057BC00DC3584CA95EC0AC394
                                                                                                                                                                                                                                          Function 00007FF848A980DD Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1e3453b5c5b484cfab088cb0524102a66c441ecf7f5127b517318d58abca4953
                                                                                                                                                                                                                                          • Instruction ID: 280e3d14f3d91f92ac0894db46396a67a21e3adad4b1b892327237c8a7c8a9d5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e3453b5c5b484cfab088cb0524102a66c441ecf7f5127b517318d58abca4953
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22F0897094D65D4FE7A5FE2484163FA72D0EB45340F0008BF910EE3291DFB95944CB55
                                                                                                                                                                                                                                          Function 00007FF848CA3AFC Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2794040485.00007FF848CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CA0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848ca0000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 67f6c78042836790eba17300cbb4041b15c3a1342f4775502bef79dbb101d865
                                                                                                                                                                                                                                          • Instruction ID: 0d5c7ef9dc3947f5d470f193c4c16c9d9285d453405136d2971eb7912f4b31e6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67f6c78042836790eba17300cbb4041b15c3a1342f4775502bef79dbb101d865
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DE0C93170C9098FD6E4E61CA458765B3E2EF99361F1501B6D04DC7255DA259C414784
                                                                                                                                                                                                                                          Function 00007FF848AA5AD0 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b5f509c8c517c94fa38660cff0097146574afd997725593c179be7aae4b0db78
                                                                                                                                                                                                                                          • Instruction ID: a657cdd53edc7f175b4b12517688f65a5ab836234dcb1a64f9572067405f8152
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5f509c8c517c94fa38660cff0097146574afd997725593c179be7aae4b0db78
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CE0C230619E090F9B9CE51D8099E3376D5DBAC28AB14443EA44DC3651CE64D806C765
                                                                                                                                                                                                                                          Function 00007FF848A93B03 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7afe72b994bb01e8e082a3c2a75b6de95451f603ab0d8c92cac65a903544da1b
                                                                                                                                                                                                                                          • Instruction ID: 2ff31964880430eb8abf0e9d2b59f5e24839702f7f19e4c2c4a076b432d9701f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7afe72b994bb01e8e082a3c2a75b6de95451f603ab0d8c92cac65a903544da1b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8E06D7050EB89AFC742FBB484464ECBFF09F0A210F1804BAD044AB1A3CB285882CB52
                                                                                                                                                                                                                                          Function 00007FF848A9806F Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: eafa0d0c097a2e2e04ee3dfde95b2555c84e9176c085747684f75a4e35dcb70b
                                                                                                                                                                                                                                          • Instruction ID: 30b6fe38dcf96ee7f7f65d429ba0e8806304161fd13600d1bfe4c5bea490d990
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eafa0d0c097a2e2e04ee3dfde95b2555c84e9176c085747684f75a4e35dcb70b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41E0E535E0995D9ECB64EB68D8517EDB7B1FF94381F4050BAD00DE3252CE356981CB00
                                                                                                                                                                                                                                          Function 00007FF848AAEAB0 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ff65f8850baf2c4c8b9ea6c0c91ab68ed8a437f73e1586630a87086b62de293f
                                                                                                                                                                                                                                          • Instruction ID: 9b9f201906dcb5decb6388cd2529e130c0aa1c64b74e36e920f32d0b8e0a81c3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff65f8850baf2c4c8b9ea6c0c91ab68ed8a437f73e1586630a87086b62de293f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69E0E6A451FB8A6FCE42F77885171897FD05F46694F1989E9D0498F5A3D15D080EC312
                                                                                                                                                                                                                                          Function 00007FF848A9C007 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8c9ce6ea167ddc0e49d609fe4ab894cbce72b417d77b3f01c9ee6cb59faae512
                                                                                                                                                                                                                                          • Instruction ID: 4e545f3852b12c6d396b39975e61446bf66b73324ca847b09ed0a5c87378bcfa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c9ce6ea167ddc0e49d609fe4ab894cbce72b417d77b3f01c9ee6cb59faae512
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EED0230171DD490FB754F97874C11F9A1C1DBD4110F101537C41FC614ADD5C98464344
                                                                                                                                                                                                                                          Function 00007FF848A9DE82 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: db62a051ce5b78570be29e937759debc1e8a4bcc1c656e6ee3a647573504e392
                                                                                                                                                                                                                                          • Instruction ID: 871c96570bd3fd84c20bc0ea7ec3eef5bf55631b2c5bcc26816130e4adb3e52b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db62a051ce5b78570be29e937759debc1e8a4bcc1c656e6ee3a647573504e392
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75B0123F20E1914FA30066EABC870E8F714E951136BC637DAC95285564D94A40D3A644
                                                                                                                                                                                                                                          Function 00007FF848A95D2A Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6f936c2254210016ad7acf1cf980025805aeb9ae02bb9ec1c71eb81977f92ca4
                                                                                                                                                                                                                                          • Instruction ID: 0164627b7c05b4eb5e5b582673139a33d920bb413fa4cee6a389c92eb09d9ece
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f936c2254210016ad7acf1cf980025805aeb9ae02bb9ec1c71eb81977f92ca4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63C048A2D0C9198EEA85EA6C988A2E8ABA1FBA8659B000626C108D3244DF2058428B55
                                                                                                                                                                                                                                          Function 00007FF848A981AE Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e6bc522210f3b504866d6e4b7042059f015938c791024ad4bfbe3fa0cd74ab92
                                                                                                                                                                                                                                          • Instruction ID: 9803a1e127d935f4e4f927af4c48b03031804531dff311849ddcae3b5b9589db
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6bc522210f3b504866d6e4b7042059f015938c791024ad4bfbe3fa0cd74ab92
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEC02BB020170CDFC3838A74042C35479D09B10100F0400FF400DC72E0C5340C8B4700
                                                                                                                                                                                                                                          Function 00007FF848AA6B2E Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.2759849649.00007FF848A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_7ff848a90000_AteraAgent.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ce2e27484257db085a3770bab909e56d4e18c408408015d301d42a8cc96046ae
                                                                                                                                                                                                                                          • Instruction ID: d298379838a6dec61b4eb400f3b4efbe7ea3cd378001fb36a34be996dfd8346b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce2e27484257db085a3770bab909e56d4e18c408408015d301d42a8cc96046ae
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38A0220880220200AE0CA0220B830FC2F80CA002E2FC800E2AC8C8F0E3F82C23CE0320